Vulnerability Report

CVE-2026-6857

RCE

Title: Unsafe deserialization in ProtoStream remote aggregation repository

RCE

Proof Of Concept

PoC Available for CVE-2026-6857

CWE Category CWE-502
Published Date Apr 22, 2026
Modified Date Jun 02, 2026
Exploit Status Available
Score 7.5 CVSS v3.1
Exploit Probability (EPSS)
0.67%

Vulnerability Summary

CVE-2026-6857: A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

Impacted Vendors

Analysis in Progress...

Reference Links

https://access.redhat.com/security/cve/CVE-2026-6857 https://bugzilla.redhat.com/show_bug.cgi?id=2460003
CVSS v3.1
Source Entity [email protected]
Severity HIGH
7.5
Attack Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-6857 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/HORKimhab/CVE-2026-6857
View Code
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity HIGH
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.