CVE-2026-6857
Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.
| CWE | CWE-502 |
| Vendor | red hat |
| Product | red hat build of apache camel 4 for quarkus 3 |
| Published | Apr 22, 2026 |
| Last Updated | Apr 22, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat build of apache camel 4 for quarkus 3
Be the first to know when new high vulnerabilities affecting red hat red hat build of apache camel 4 for quarkus 3 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Red Hat / Red Hat build of Apache Camel 4 for Quarkus 3
All versions affected Red Hat / Red Hat build of Apache Camel for Spring Boot 4
All versions affected Red Hat / Red Hat Fuse 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected References
Credits
Red Hat would like to thank Feng Ning (Innora Pte. Ltd.) for reporting this issue.