CVE-2026-6857 HIGH

CVE-2026-6857: Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization

Vendor Red Hat
Product Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14
Weakness CWE-502 · Unsafe deserialization
Published April 22, 2026
Last update June 30, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

Key dates

02 Disclosure timeline

April 22, 2026 CVE published
June 30, 2026 Record updated