Threats Tagged 'cve-2026-40860'
View all threats tagged with 'cve-2026-40860'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-40860'
Click on any threat for detailed analysis and mitigation recommendations
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)CVE-2026-2332 0 An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products: * camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858) * camel-infinispan-common: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data [rhboac-camel-quarkus-3] (CVE-2026-40858) * camel-amqp: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860) * camel-jms: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage [rhboac-camel-quarkus-3] (CVE-2026-40860) * camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization [rhboac-camel-quarkus-3] (CVE-2026-6857) * jetty-http: HTTP request smuggling via chunked extension quoted-string parsing [rhboac-camel-quarkus-3] (CVE-2026-2332) Join the discussion | GCVE Database | 06/02/2026, 11:27:09 UTC Added: 06/02/2026, 21:43:30 UTC |
Red Hat Security Advisory: RHOAI 2.25.7 - Red Hat OpenShift AICVE-2025-14813 0 Release of RHOAI 2.25.7 provides these changes: Join the discussion | GCVE Database | 06/10/2026, 04:27:13 UTC Added: 05/26/2026, 20:58:00 UTC |
CVE-2026-40860: CWE-502 Deserialization of Untrusted Data in Apache Software Foundation Apache CamelCVE-2026-40860 0 CVE-2026-40860 is a critical deserialization vulnerability in Apache Camel's JMS components. The vulnerability arises because the JmsBinding.extractBodyFromJms() method deserializes incoming JMS ObjectMessage payloads without applying any filtering or allowlisting, enabling potential remote code execution if a malicious ObjectMessage is consumed. This affects Apache Camel versions from 3.0.0 before 4.14.7, from 4.15.0 before 4. Join the discussion | CVE Database V5 | 04/27/2026, 08:03:19 UTC Added: 04/27/2026, 09:15:07 UTC |
Showing 1 to 3 of 3 results