Cyber Posture

CVE-2026-6857

Severity: High · Type: RCE

Published: 22 April 2026

Modified: 22 April 2026
KEV Added: not listed
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0041 (61.4th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-6857 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

[prevent] Timely remediation through vendor patches directly eliminates the unsafe deserialization flaw in camel-infinispan, preventing remote code execution.

[prevent] Validating information inputs to the ProtoStream remote aggregation repository prevents processing of specially crafted malicious serialized data.

[prevent / detect] Boundary protection at network interfaces can filter or inspect incoming crafted data targeting the deserialization vulnerability.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

A remote deserialization flaw (CWE-502) allows a low-privileged network attacker to achieve arbitrary code execution and full system control, which directly enables T1190 (exploitation of a public-facing application for initial access) and T1068 (exploitation for privilege escalation from low to high privileges).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

Deeper analysis

CVE-2026-6857, published on 2026-04-22, is a vulnerability in camel-infinispan involving unsafe deserialization in the ProtoStream remote aggregation repository. Classified under CWE-502: Deserialization of Untrusted Data, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high-impact potential across confidentiality, integrity, and availability.

A remote attacker with low privileges can exploit this flaw by sending specially crafted data over the network, resulting in arbitrary code execution. Successful exploitation allows the attacker to gain full control over the affected system.

Red Hat advisories provide further details on mitigation, including patches, available at https://access.redhat.com/security/cve/CVE-2026-6857 and the Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2460003.

Details

CWE(s): CWE-502 (Deserialization of Untrusted Data)

CVEs Like This One

CVE-2026-24954 (shared CWE-502)
CVE-2026-27685 (shared CWE-502)
CVE-2025-14476 (shared CWE-502)
CVE-2025-60215 (shared CWE-502)
CVE-2025-36072 (shared CWE-502)
CVE-2025-59245 (shared CWE-502)
CVE-2026-22346 (shared CWE-502)
CVE-2026-24978 (shared CWE-502)
CVE-2026-24981 (shared CWE-502)
CVE-2025-50004 (shared CWE-502)
