CVE-2026-6857
camel-infinispan Vulnerable to Deserialization of Untrusted Data
7.5
HIGH
CVSS 3.1
EPSS 0.65%
Description
A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.
How to fix CVE-2026-6857
To fix CVE-2026-6857, upgrade the affected package to the patched version below.
- — Upgrade to 4.20.0 or later
Is CVE-2026-6857 being exploited?
Low — EPSS is 0.7%; no large-scale exploitation activity has been observed so far.
Affected packages (1)
- from 0, < 4.20.0
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |