
11 matches found

RedhatCVE
added 2026/05/25 10:36 p.m. | 6 views

CVE-2026-40473

A flaw was found in the camel-mina component of Apache Camel. This vulnerability allows a remote attacker to achieve arbitrary code execution by sending a specially crafted serialized Java object over the network to the MINA consumer port. The MinaConverter.toObjectInput type converter, used when...

CVSS 8.8 | AI score 6.4 | EPSS 0.00733
Exploits: 1 | References: 5

Veracode
added 2026/05/05 12:6 p.m. | 7 views

Insecure Deserialization

org.apache.camel, camel-mina is vulnerable to insecure deserialization. The vulnerability is due to the MinaConverter.toObjectInputIoBuffer method wrapping untrusted data in a java.io.ObjectInputStream without applying filtering or class restrictions, which allows an attacker to send crafted...

CVSS 8.8 | AI score 6.3 | EPSS 0.00733
Exploits: 1 | References: 5 | Affected Software: 1

vulnersOsv
added 2026/04/27 10:14 a.m. | 6 views

org.apache.camel.kafkaconnector:camel-mina-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-mina (>=4.10.3 <=4.14.5) +5 more potentially affected by CVE-2026-40473 via org.apache.camel:camel-mina (>=3.0.0-RC1 <=4.14.5)

org.apache.camel:camel-mina MAVEN version =3.0.0-RC1, =0.1.0, =4.10.3, =3.0.0, =3.0.0-RC1, =4.0-20200713, =4.0-20200713, =4.0-20200713, =4.3.2 Source cves: CVE-2026-40473 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321635...

CVSS 8.8 | AI score 5.8 | EPSS 0.00733
Exploits: 1

Snyk
added 2026/04/27 10:14 a.m. | 3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the MinaConverter.toObjectInput function. An attacker can execute arbitrary code by sending a crafted serialized Java object over the network to the MINA TCP or UDP consumer port when conversion to...

CVSS 8.8 | AI score 6.1 | EPSS 0.00733
Exploits: 1 | References: 2

OSV
added 2026/04/27 9:34 a.m. | 4 views

GHSA-VPR3-2659-RW55 Camel-MINA Vulnerable to Deserialization of Untrusted Data

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

CVSS 8.8 | AI score 6.3 | EPSS 0.00733
Exploits: 1 | References: 11

vulnersOsv
added 2026/04/27 9:34 a.m. | 6 views

org.apache.camel.kafkaconnector:camel-mina-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.karaf:camel-mina (>=4.10.3 <=4.14.5) +4 more potentially affected by CVE-2026-40473 via org.apache.camel:camel-mina (>=3.0.0 <=4.14.5)

org.apache.camel:camel-mina MAVEN version =3.0.0, =0.1.0, =4.10.3, =3.0.0, =4.0-20200713, =4.0-20200713, =4.0-20200713, =4.3.2 Source cves: CVE-2026-40473 Source advisory: OSV:GHSA-VPR3-2659-RW55...

CVSS 8.8 | AI score 5.8 | EPSS 0.00733
Exploits: 1

GitHub Security Blog
added 2026/04/27 9:34 a.m. | 6 views

Camel-MINA Vulnerable to Deserialization of Untrusted Data

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

CVSS 8.8 | AI score 6.3 | EPSS 0.00733
Exploits: 1 | References: 11 | Affected Software: 1

NVD
added 2026/04/27 9:16 a.m. | 2 views

CVE-2026-40473

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

CVSS 8.8 | EPSS 0.00733
Exploits: 1 | References: 2

Cvelist
added 2026/04/27 7:51 a.m. | 27 views

CVE-2026-40473 Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

EPSS 0.00733
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/27 7:51 a.m. | 3 views

CVE-2026-40473 Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

AI score 6.2 | EPSS 0.00733
Exploits: 1 | References: 1

Positive Technologies
added 2026/04/27 12:0 a.m. | 6 views

PT-2026-35371

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

AI score 6.2 | EPSS 0.00733
Exploits: 1 | References: 3