Deserialization in Apache Software Foundation Camel

CVE-2026-40859

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, withou…

Vulnerability class: Insecure Deserialization

Affected products

Weakness classification (CWE)

References