CVE-2026-42509
MEDIUM NVDCVSS Score
6.1
Severity
MEDIUM
Source
NVD
Published
May 06, 2026
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.