CVE-2026-40858

Name of the Vulnerable Software and Affected Versions Apache Camel camel-infinispan (affected versions not specified)

Description The DefaultExchangeHolderUtils.deserialize() function in the camel-infinispan component contains a flaw in its deserialization mechanism. Specifically, the ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using ObjectInputStream. This could allow a remote attacker to execute arbitrary code by sending a specially crafted packet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.