Skip to main content
Loading…
    CVE-2026-40010 — Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. — CVE Database · The Intelligence Room