PatchSiren cyber security CVE debrief
CVE-2026-6857 Red Hat CVE debrief
CVE-2026-6857 is a high-severity unsafe deserialization issue in camel-infinispan’s ProtoStream remote aggregation repository. The described impact is remote code execution via specially crafted data, which can compromise confidentiality, integrity, and availability. NVD currently lists the record as "Awaiting Analysis," and the supplied references point to Red Hat advisories and tracking, but the affected-version scope is not fully established in the source corpus.
- Vendor: Red Hat
- Product: Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-22
- Original CVE updated: 2026-05-21
- Advisory published: 2026-04-22
- Advisory updated: 2026-05-21
Who should care
Teams operating camel-infinispan or related integrations, especially environments that accept or process remote ProtoStream data. Security and platform owners should treat this as a priority if the component is reachable from untrusted networks or handles data from lower-trust users.
Technical summary
The flaw is described as unsafe deserialization in the ProtoStream remote aggregation repository. The attacker model in the supplied description is a remote attacker with low privileges who can send specially crafted data and trigger arbitrary code execution. The CVSS vector provided by the source is CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, which aligns with a network-reachable RCE-style weakness. The supplied weakness classification is CWE-502 (deserialization of untrusted data).
Defensive priority
High priority: prioritize review, containment, and vendor guidance for any deployment that uses camel-infinispan.
Recommended defensive actions
- Inventory deployments that include camel-infinispan and identify any reachable ProtoStream remote aggregation paths.
- Check the Red Hat advisory and CVE page for product-specific affected versions and remediation guidance.
- Apply vendor updates or mitigations as soon as they are available for the affected release train.
- Restrict network exposure to the component and limit which principals can submit data to the deserialization path.
- Monitor for anomalous deserialization errors, unexpected process launches, or other signs of code execution.
- If you cannot immediately patch, place compensating controls around authentication, network segmentation, and least privilege for the service.
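The monitoring item above ("anomalous deserialization errors") is easier to act on with a concrete triage rule. The script below is an added example written for this debrief, not code from Red Hat or the Camel project: it parses application log lines, flags the ones whose exception text points at a payload that failed to deserialize, and aggregates them per remote peer so a burst of malformed payloads from one source stands out. The log format, logger name, peer addresses and message texts are constructed placeholders, and the marker list is a heuristic: a payload that deserializes successfully logs nothing here, so this complements rather than replaces patching and network restriction.

```python
"""Heuristic triage of Java application logs for deserialization failures.

Added example (not part of the advisory or the Camel project). Scans log lines
for exception classes associated with deserialization of untrusted data
(CWE-502) and reports peers that produced a burst of such errors. The log
format, logger name and peer addresses below are constructed placeholders.
"""
import re
from datetime import datetime

# Lower-cased fragments that typically indicate a payload failed to
# deserialize. Heuristic: a successful exploit may log nothing at all.
DESERIALIZATION_MARKERS = (
    "invalidclassexception",
    "streamcorruptedexception",
    "optionaldataexception",
    "protostream",   # any ProtoStream decoding failure
    "deserializ",    # *DeserializationException and similar wording
)

# Constructed log layout: "<iso-timestamp> <LEVEL> <logger> - <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+(?P<logger>\S+)\s+-\s+(?P<msg>.*)$"
)
# Constructed convention: the message carries the remote address as peer=IP:port.
PEER_RE = re.compile(r"peer=(?P<peer>\d+\.\d+\.\d+\.\d+)")


def parse_line(line):
    """Return a dict with ts, level, logger, msg, peer; None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    peer = PEER_RE.search(rec["msg"])
    rec["peer"] = peer.group("peer") if peer else None
    return rec


def is_deserialization_error(rec):
    """True when a WARN/ERROR record mentions a deserialization-type failure."""
    msg = rec["msg"].lower()
    return rec["level"] in ("ERROR", "WARN") and any(
        marker in msg for marker in DESERIALIZATION_MARKERS
    )


def triage(lines, threshold=3, window_seconds=60):
    """Return {peer: max_burst} for peers with >= threshold deserialization
    errors inside any window_seconds window; peers without an address are
    grouped under 'unknown'."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_deserialization_error(rec):
            events.append((rec["ts"], rec["peer"] or "unknown"))
    events.sort()
    flagged = {}
    for i, (ts, peer) in enumerate(events):
        # Count same-peer events in the window opening at this event.
        burst = sum(
            1
            for t2, p2 in events[i:]
            if p2 == peer and (t2 - ts).total_seconds() <= window_seconds
        )
        if burst >= threshold:
            flagged[peer] = max(flagged.get(peer, 0), burst)
    return flagged


# Constructed sample log: one peer sends three bad payloads in eight seconds,
# another produces a single isolated error, and unrelated errors are ignored.
SAMPLE_LOG = [
    "2026-04-23T10:15:01Z INFO  app.aggregator - aggregation completed peer=10.0.0.5",
    "2026-04-23T10:15:02Z ERROR app.aggregator - failed to read remote state: java.io.InvalidClassException peer=198.51.100.7",
    "2026-04-23T10:15:04Z ERROR app.aggregator - ProtoStream decoding failed for incoming message peer=198.51.100.7",
    "2026-04-23T10:15:09Z WARN  app.aggregator - payload rejected: java.io.StreamCorruptedException peer=198.51.100.7",
    "2026-04-23T10:15:10Z ERROR app.aggregator - timeout contacting cache peer=10.0.0.5",
    "2026-04-23T11:40:00Z ERROR app.aggregator - failed to read remote state: java.io.InvalidClassException peer=10.0.0.9",
]

if __name__ == "__main__":
    for peer, burst in sorted(triage(SAMPLE_LOG).items()):
        print(f"peer {peer}: {burst} deserialization errors within 60s")
```

On the constructed sample only 198.51.100.7 is reported (three errors within 60 seconds); the isolated error from 10.0.0.9 stays below the threshold and the timeout line never matches. Tune the marker list to the exception classes your own deployment actually emits, and feed the flagged peers into whatever blocking or investigation workflow applies.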
Evidence notes
Source-backed facts in this debrief are limited to the NVD record and the Red Hat references embedded in it. The supplied description states unsafe deserialization in camel-infinispan’s ProtoStream remote aggregation repository leading to arbitrary code execution. NVD metadata in the source snapshot shows vulnStatus "Awaiting Analysis," CVSS 7.5 HIGH, vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, and CWE-502. The corpus does not provide affected versions or confirmed exploitation data.
Official resources
Published by the source on 2026-04-22 and last modified on 2026-05-21. The source corpus does not include confirmed exploitation, KEV listing, or a complete affected-version matrix. Treat vendor guidance as the authoritative remediation set.