Deserialization in Apache Software Foundation Camel

CVE-2026-42527

Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering ('java.**;javax.**;org.apache.camel.**;!*'…

Vulnerability class: Insecure Deserialization

Affected products

Weakness classification (CWE)

References