CVE-2026-25747HIGHCVSS 8.8≥ 3.0.0, < 4.10.9·≥ 4.14.0, < 4.14.5+1 more2026-02-23
CVE-2026-25747 [HIGH] CWE-502 CVE-2026-25747: Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component.
The Camel-LevelD
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component.
The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. An attacker who can write to the LevelDB database files
nvd