CVE-2026-6857

Severity: High
CVSS v3 Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.4% (exploitation probability in 30 days; top 39% most likely to be exploited)

Attack Characteristics

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Confidentiality: High
Integrity: High
Availability: High

Published: April 22, 2026
Last Modified: April 29, 2026
Vendor: Apache
Source: MITRE

Description

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

CWE

CWE-502

Affected Products

Red Hat Red Hat build of Apache Camel 4 for Quarkus 3
Red Hat Red Hat build of Apache Camel for Spring Boot 4
Red Hat Red Hat Fuse 7
Red Hat Red Hat JBoss Enterprise Application Platform 8
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack

References