Deserialization in Apache Software Foundation Camel
CVE-2026-43867
Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleMa…
Vulnerability class: Insecure Deserialization
Affected products
- Apache Software Foundation Camel — versions 4.18.0, 4.19.0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)