Launchpad.net

CVE 2016-7098

Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

See the CVE page on Mitre.org for more details.