3 matches found
CVE-2026-43867
Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...
CVE-2026-46590
CVE-2026-46590 affects Apache Camel: Camel-PQC. The HashiCorp Vault and AWS Secrets Manager key-lifecycle managers deserialize a Base64-wrapped metadata object using an unfiltered java.io.ObjectInputStream, with cast to KeyMetadata performed after readObject(). This allows crafted serialized obje...
CVE-2026-42526
The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...