7.5
CVE-2026-6857
- EPSS 0.41%
- Veröffentlicht 22.04.2026 12:55:00
- Zuletzt bearbeitet 22.04.2026 21:23:52
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRed Hat
≫
Produkt
Red Hat build of Apache Camel 4 for Quarkus 3
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Apache Camel for Spring Boot 4
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat Fuse 7
Default Statusaffected
HerstellerRed Hat
≫
Produkt
Red Hat JBoss Enterprise Application Platform 8
Default Statusunaffected
HerstellerRed Hat
≫
Produkt
Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.614 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.