VDB
GCVE-110-NCSC-2026-129
GCVE-110-NCSC-2026-129
Advisory PublishedCVSS 8.8/10
A deserialization vulnerability in Apache Camel's ConsulRegistry component allows attackers with write access to the Consul KV store to execute arbitrary code, affecting versions 3.0.0 to before 4.14.6 and 4.15.0 to before 4.18.1.
Weaknesses (CWE)
CWE-502Deserialization of Untrusted DataCWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-178Improper Handling of Case Sensitivity
Risk Scores
CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Threat Intelligence
Snort Rules (1)
1004047 — CVE-2026-40473 Apache Camel Mina unsafe deserialization attempt
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Apache | vers:unknown/* | — | — |
| Apache Software Foundation | vers:unknown/* | — | — |
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.