Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-43866

A flaw was found in Apache Camel JMS components. A remote attacker can exploit a deserialization vulnerability by sending a specially crafted ObjectMessage to a queue or topic consumed by an affected Camel application. This bypasses existing security checks, allowing the attacker to inject...

8.1CVSS6AI score0.00504EPSS
Exploits2References4
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-43866

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS0.00504EPSS
Exploits2References1
EUVD
EUVD
added 2026/07/06 8:35 a.m.6 views

EUVD-2026-41855

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

7.3CVSS6AI score0.00504EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/07/06 8:35 a.m.34 views

CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

0.00504EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/07/06 8:35 a.m.9 views

CVE-2026-43866 Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject whenever the...

6AI score0.00881EPSS
Exploits2References1
CVE
CVE
added 2026/07/06 8:35 a.m.19 views

CVE-2026-43866

Summary : CVE-2026-43866 is a deserialization bypass in Apache Camel JMS components. When mapJmsMessage is enabled, camel-jms (and camel-sjms and JMS-family components) deserialize JMS ObjectMessage payloads via ObjectMessage.getObject(). Although a post-deserialization allow-list was added in CV...

7.3CVSS6AI score0.00881EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder