CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.
Analysis (AI)
Remote code execution in Red Hat Apache Camel Infinispan component allows low-privileged attackers to execute arbitrary code via unsafe deserialization in ProtoStream remote aggregation repository. Exploiting this vulnerability requires network access and low-privilege credentials but grants full system compromise affecting confidentiality, integrity, and availability. …
Remediation (AI)
Within 24 hours: Identify all systems running Red Hat Apache Camel with Infinispan component enabled and document current versions. Within 7 days: Implement network segmentation to restrict Infinispan access to trusted hosts only, revoke or rotate low-privilege credentials with Infinispan access, and disable remote aggregation repository if operationally feasible. …
EUVD-2026-24738
GHSA-xfxp-ppx7-cqrp