camel-infinispan Vulnerable to Deserialization of Untrusted Data

GHSA-xfxp-ppx7-cqrp · CVE-2026-6857

Published Apr 22, 2026 · Modified Jun 2, 2026

Description

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-6857
WEB https://github.com/apache/camel/commit/ec297f89065b6cfc2682487a96411692d6c296e2
WEB https://access.redhat.com/errata/RHSA-2026:17668
WEB https://access.redhat.com/errata/RHSA-2026:22453
WEB https://access.redhat.com/security/cve/CVE-2026-6857
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2460003
PACKAGE https://github.com/apache/camel

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes