RHSA-2026:22453 | High | CVSS 8.8
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)
🔗 CVE IDs covered (4)
📋 Description
- CVE-2026-2332 — org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing
- CVE-2026-6857 — camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization
- CVE-2026-40858 — org.apache.camel/camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data
- CVE-2026-40860 — Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage
🔗 References (11)
- self: https://access.redhat.com/errata/RHSA-2026:22453
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://access.redhat.com/security/cve/CVE-2026-40858
- external: https://access.redhat.com/security/cve/CVE-2026-40860
- external: https://access.redhat.com/security/cve/CVE-2026-6857
- external: https://access.redhat.com/security/cve/CVE-2026-2332
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2458187
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2460003
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2463172
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2463179
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22453.json