Deserialization in Apache Software Foundation Camel
CVE-2026-43866
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms() in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMe…
Vulnerability class: Insecure Deserialization
Affected products
- Apache Software Foundation Camel — versions 3.0.0, 4.15.0, 4.19.0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)