Cyber Resilience

CVE-2026-6857

Severity: High · Type: RCE · Status: Updated

Published: 22 April 2026
Modified: 02 June 2026
KEV Added: not listed
Patch: available (see Red Hat advisory)
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0065 (71.4th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-6857 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 28.6% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-6857, published on 2026-04-22, is a vulnerability in camel-infinispan involving unsafe deserialization in the ProtoStream remote aggregation repository. Classified under CWE-502: Deserialization of Untrusted Data, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high-impact potential across confidentiality, integrity, and availability.

A remote attacker with low privileges can exploit this flaw by sending specially crafted data over the network, resulting in arbitrary code execution. Successful exploitation allows the attacker to gain full control over the affected system.

Red Hat advisories provide further details on mitigation, including patches, available at https://access.redhat.com/security/cve/CVE-2026-6857 and the Bugzilla entry https://bugzilla.redhat.com/show_bug.cgi?id=2460003.


Vulnerability details

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to gain full control over the affected system, impacting its confidentiality, integrity, and availability.

CWE(s): CWE-502 Deserialization of Untrusted Data

Related Threats

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The remote deserialization flaw (CWE-502) allows a low-privileged network attacker to achieve arbitrary code execution and full system control. This maps directly to T1190 (exploitation of a public-facing application for initial access) and T1068 (exploitation to escalate from low to high privileges).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-54007 (shared CWE-502)
- CVE-2025-60215 (shared CWE-502)
- CVE-2026-24978 (shared CWE-502)
- CVE-2025-49869 (shared CWE-502)
- CVE-2026-27379 (shared CWE-502)
- CVE-2026-27338 (shared CWE-502)
- CVE-2026-33858 (shared CWE-502)
- CVE-2025-36072 (shared CWE-502)
- CVE-2025-64266 (shared CWE-502)
- CVE-2025-53560 (shared CWE-502)


Mitigating Controls (NIST 800-53 r5)

- SI-2 Flaw Remediation (prevent): Timely remediation through vendor patches directly eliminates the unsafe deserialization flaw in camel-infinispan, preventing remote code execution.
- SI-10 Information Input Validation (prevent): Validating information inputs to the ProtoStream remote aggregation repository prevents processing of specially crafted malicious serialized data.
- Boundary protection (prevent, detect): Boundary protection at network interfaces can filter or inspect incoming crafted data targeting the deserialization vulnerability.
