Threats Tagged 'cve-2026-40858'
View all threats tagged with 'cve-2026-40858'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-40858'
Click on any threat for detailed analysis and mitigation recommendations
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)CVE-2026-2332 0 An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products: * camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858) * camel-infinispan-common: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858) * camel-amqp: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860) * camel-jms: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860) * camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization [rhboac-camel-quarkus-3] (CVE-2026-6857) * jetty-http: HTTP request smuggling via chunked extension quoted-string parsing [rhboac-camel-quarkus-3] (CVE-2026-2332) Join the discussion | GCVE Database | 06/02/2026, 11:27:09 UTC Added: 06/02/2026, 21:43:30 UTC |
Red Hat Security Advisory: RHOAI 2.25.7 - Red Hat OpenShift AICVE-2025-14813 0 Release of RHOAI 2.25.7 provides these changes: Join the discussion | GCVE Database | 06/10/2026, 04:27:13 UTC Added: 05/26/2026, 20:58:00 UTC |
CVE-2026-40858: CWE-502 Deserialization of Untrusted Data in Apache Software Foundation Apache CamelCVE-2026-40858 0 CVE-2026-40858 is a high-severity deserialization vulnerability in the Apache Camel camel-infinispan component. It occurs because the ProtoStream-based remote aggregation repository deserializes data from a remote Infinispan cache using java.io. ObjectInputStream without applying any ObjectInputFilter. An attacker able to write crafted serialized Java objects to the cache can trigger arbitrary code execution during normal repository operations. This affects Apache Camel versions from 4.0.0 before 4.14.7, from 4. Join the discussion | CVE Database V5 | 04/27/2026, 09:38:55 UTC Added: 04/27/2026, 10:00:06 UTC |
Showing 1 to 3 of 3 results