
Description

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

PUBLISHED | Reserved 2026-04-22 | Published 2026-04-22 | Updated 2026-04-29 | Assigner: redhat

HIGH: 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

Deserialization of Untrusted Data

Product status

Default status
affected

Default status
affected

Default status
affected

Default status
unaffected

Default status
unaffected

Timeline

2026-04-13: Reported to Red Hat.
2026-04-13: Made public.

Credits

Red Hat would like to thank Feng Ning (Innora Pte. Ltd.) for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-6857 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2460003 (RHBZ#2460003) issue-tracking

cve.org (CVE-2026-6857)

nvd.nist.gov (CVE-2026-6857)
