CVE-2026-6857: camel-infinispan Vulnerable to Deserialization of Untrusted Data

April 22, 2026 (updated April 29, 2026)

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

References

access.redhat.com/security/cve/CVE-2026-6857
bugzilla.redhat.com/show_bug.cgi?id=2460003
github.com/advisories/GHSA-xfxp-ppx7-cqrp
github.com/apache/camel
github.com/apache/camel/commit/ec297f89065b6cfc2682487a96411692d6c296e2
nvd.nist.gov/vuln/detail/CVE-2026-6857

Code Behaviors & Features

Detect and mitigate CVE-2026-6857 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →