CVE-2026-40473P2HIGHCVSS 8.8≥ 3.0.0, < 4.14.6·≥ 4.15.0, < 4.18.2+1 more2026-04-27
CVE-2026-40473 [HIGH] CWE-502 CVE-2026-40473: The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in
The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput (for example via getBody(ObjectInput.class) or @Body Ob
nvd