CVE-2026-43646 POC (Proof-of-Concept)

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket.
This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0.
Users are recommended to upgrade to version 10.9.0, which fixes the issue.

Published: 2026-05-06

CVSS: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Download CVE-2026-43646 POC (Proof-of-Concept) here:

http://zeroday6mns52t72y3rsle7f72wca5uwn2xzktdysf72flozx7sv4mqd.onion/exploit-for-cve-2026-43646.777/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

https://hokyo.gr/poc-758-cve-2026-42225/

https://hokyo.gr/poc-828-cve-2025-69691/

https://hokyo.gr/poc-155-cve-2026-43824/

https://hokyo.gr/poc-201-cve-2026-7703/

https://hokyo.gr/poc-602-cve-2026-7963/