VDB

GCVE-110-NCSC-2026-129

GCVE-110-NCSC-2026-129
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published April 29, 2026
A deserialization vulnerability in Apache Camel's ConsulRegistry component allows attackers with write access to the Consul KV store to execute arbitrary code, affecting versions 3.0.0 to before 4.14.6 and 4.15.0 to before 4.18.1.

Weaknesses (CWE)

CWE-502Deserialization of Untrusted DataCWE-288Authentication Bypass Using an Alternate Path or ChannelCWE-178Improper Handling of Case Sensitivity

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Threat Intelligence

Snort Rules (1)

1004047 — CVE-2026-40473 Apache Camel Mina unsafe deserialization attempt

Affected Products

VendorProductVersionsPlatforms
Apachevers:unknown/*
Apache Software Foundationvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›