CVE-2026-6857

HIGH

Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization

Title source: cna

Description

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

References (2)

[Vdb Entry, X_Refsource_Redhat] https://access.redhat.com/security/cve/CVE-2026-6857

[Issue Tracking, X_Refsource_Redhat] https://bugzilla.redhat.com/show_bug.cgi?id=2460003

Scores

CVSS v3 7.5

EPSS 0.0041

EPSS Percentile 61.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (5)

Red Hat/Red Hat build of Apache Camel 4 for Quarkus 3

Red Hat/Red Hat build of Apache Camel for Spring Boot 4

Red Hat/Red Hat Fuse 7

Red Hat/Red Hat JBoss Enterprise Application Platform 8

Red Hat/Red Hat JBoss Enterprise Application Platform Expansion Pack

Published Apr 22, 2026

Tracked Since Apr 22, 2026