VYPR

Maven package

org.apache.wicket/wicket-auth-roles

pkg:maven/org.apache.wicket/wicket-auth-roles

Vulnerabilities (1)

  • CVE-2026-40010CriMay 6, 2026
    affected >= 8.0.0-M1, <= 8.17.0

    Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to