CYBERHAWK / CVE / CVE-2026-40010

CVE-2026-40010

Apache Wicket

CRITICAL CVSS 9.1 vibe oss

The flaw

Session fixation attack due to missing changeSessionId invocation after session binding.

What to do

Update to Apache Wicket 10.9.0

▸ Scan my repo for CVE-2026-40010

References

NVD CISA KEV OSV GitHub Advisory MITRE News search
First seen 2026-05-08 · Tracked by PickBits CyberHawk · Weekly CVE digest
← All CVEs RSS Scheduled audits