Deserialization in Apache Software Foundation Camel

CVE-2026-43866

Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms() in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMe…

Vulnerability class: Insecure Deserialization

Affected products

Weakness classification (CWE)

References