Description
Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component.

JmsBinding.extractBodyFromJms() in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject() whenever the mapJmsMessage option is enabled (the default) and Camel acts as a JMS consumer. The CVE-2026-40860 hardening added a post-deserialization class check that rejects classes outside the default allow-list java.**;javax.**;org.apache.camel.**;!*. However org.apache.camel.support.DefaultExchangeHolder itself lives in the allow-listed org.apache.camel.** namespace, so an ObjectMessage whose top-level object is a DefaultExchangeHolder passes the check. The receiving side then calls DefaultExchangeHolder.unmarshal() on it without requiring the transferExchange option to be enabled - an asymmetric trust boundary, since the sending side gates ObjectMessage and transferExchange handling but the receiving side did not - writing every non-null field of the holder into the Exchange: the message body, the IN and OUT headers, the exchange properties, the variables, the exchange id and the exception. An attacker who can publish an ObjectMessage to a queue or topic consumed by an affected Camel application can therefore inject arbitrary Exchange state using only universally-trusted java.lang and java.util types, with no deserialization gadget chain required, to manipulate routing and headers, exchange properties and error handling. The same handling applies to camel-sjms and camel-sjms2, and to the JMS-family components built on JmsComponent and JmsBinding: camel-amqp, camel-activemq and camel-activemq6. This is a bypass of the CVE-2026-40860 fix rather than a flaw in it.
This issue affects Apache Camel: from 3.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0; Apache Camel: from 3.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.

Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, JMS ObjectMessage handling is disabled by default in camel-jms, camel-sjms and the JMS-family components (a new objectMessageEnabled option defaults to false at the component and endpoint level), so an incoming ObjectMessage - including a DefaultExchangeHolder payload - is no longer deserialized unless the option is explicitly enabled; only set objectMessageEnabled=true when the consumed JMS destination is fed exclusively by trusted producers. For deployments that cannot upgrade immediately, restrict publish access to the queues and topics consumed by Camel to trusted producers via JMS broker authorization, and do not expose JMS consumers that map ObjectMessage bodies to untrusted networks; a JMS-provider deserialization allow-list does not mitigate this specific bypass because the crafted payload uses only universally-trusted classes.
Published: 2026-07-06
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Apache Camel’s JMS component deserializes the payload of an incoming JMS ObjectMessage whenever the mapJmsMessage option is enabled, which is the default. A hardening change added a class whitelist that rejects classes outside the java., javax., and org.apache.camel. namespaces, but the DefaultExchangeHolder class itself resides in the allowed namespace. This allows an attacker to send a JMS ObjectMessage whose top‑level object is a DefaultExchangeHolder, which passes the whitelist check. The component then calls DefaultExchangeHolder.unmarshal() on that payload and writes every non‑null field into the Camel Exchange without requiring the transferExchange option, thereby injecting arbitrary Exchange state such as headers, properties, variables, the message body, the exchange id, and exception information. This bypasses the intended security hardening and gives an attacker the ability to manipulate routing decisions, override headers, alter properties, and trigger exception handling logic, but the description does not explicitly state successful remote code execution.

Affected Systems

Apache Camel versions from 3.0.0 through 4.19.0 prior to 4.21.0 are affected, including the Camel JMS family components—camel‑jms, camel‑sjms, camel‑sjms2—and the JMS‑family components built on JmsComponent such as camel‑amqp, camel‑activemq, and camel‑activemq6. The vulnerable releases are the 4.14.x stream before 4.14.8, the 4.18.x stream before 4.18.3, and the 4.19.x stream before 4.21.0.

Risk and Exploitability

The CVSS score of 7.3 indicates high severity, but the EPSS score is below 1 % and the vulnerability is not listed in CISA’s KEV catalog, suggesting a low current exploitation probability. An attacker must be able to publish a JMS ObjectMessage to a queue or topic consumed by Camel, and the message must contain a DefaultExchangeHolder object. The attack does not rely on exotic gadget chains and requires only universally trusted java.lang and java.util types for the payload, lowering the technical barrier. Availability of the mapJmsMessage option means the risk applies only when that option is enabled; disabling that option or setting objectMessageEnabled=false mitigates the risk. In the absence of those mitigations, an attacker can inject state that could potentially alter application behavior and, depending on the logic of the consumer application, could lead to unintended side effects.

Generated by OpenCVE AI on July 8, 2026 at 05:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Apache Camel to a fixed release (4.21.0 or the stream‑specific 4.14.8 or 4.18.3).
  • Disable or unset the objectMessageEnabled option on camel-jms, camel-sjms, camel-sjms2, and all JMS‑family components; enable it only when the destination is supplied exclusively by trusted producers.
  • Restrict publish access to the queues and topics consumed by Camel via JMS broker authorization and avoid exposing Camel consumers that convert ObjectMessage bodies to untrusted networks.

Generated by OpenCVE AI on July 8, 2026 at 05:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache camel
Vendors & Products Apache
Apache camel

Mon, 06 Jul 2026 09:00:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms() in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the payload of an incoming JMS ObjectMessage via jakarta.jms.ObjectMessage.getObject() whenever the mapJmsMessage option is enabled (the default) and Camel acts as a JMS consumer. The CVE-2026-40860 hardening added a post-deserialization class check that rejects classes outside the default allow-list java.**;javax.**;org.apache.camel.**;!*. However org.apache.camel.support.DefaultExchangeHolder itself lives in the allow-listed org.apache.camel.** namespace, so an ObjectMessage whose top-level object is a DefaultExchangeHolder passes the check. The receiving side then calls DefaultExchangeHolder.unmarshal() on it without requiring the transferExchange option to be enabled - an asymmetric trust boundary, since the sending side gates ObjectMessage and transferExchange handling but the receiving side did not - writing every non-null field of the holder into the Exchange: the message body, the IN and OUT headers, the exchange properties, the variables, the exchange id and the exception. An attacker who can publish an ObjectMessage to a queue or topic consumed by an affected Camel application can therefore inject arbitrary Exchange state using only universally-trusted java.lang and java.util types, with no deserialization gadget chain required, to manipulate routing and headers, exchange properties and error handling. The same handling applies to camel-sjms and camel-sjms2, and to the JMS-family components built on JmsComponent and JmsBinding: camel-amqp, camel-activemq and camel-activemq6. This is a bypass of the CVE-2026-40860 fix rather than a flaw in it. This issue affects Apache Camel: from 3.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0; Apache Camel: from 3.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, JMS ObjectMessage handling is disabled by default in camel-jms, camel-sjms and the JMS-family components (a new objectMessageEnabled option defaults to false at the component and endpoint level), so an incoming ObjectMessage - including a DefaultExchangeHolder payload - is no longer deserialized unless the option is explicitly enabled; only set objectMessageEnabled=true when the consumed JMS destination is fed exclusively by trusted producers. For deployments that cannot upgrade immediately, restrict publish access to the queues and topics consumed by Camel to trusted producers via JMS broker authorization, and do not expose JMS consumers that map ObjectMessage bodies to untrusted networks; a JMS-provider deserialization allow-list does not mitigate this specific bypass because the crafted payload uses only universally-trusted classes.
Title Apache Camel, Apache Camel: Camel JMS - CVE-2026-40860 fix bypass via DefaultExchangeHolder
Weaknesses CWE-502
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-07-06T19:10:00.576Z

Reserved: 2026-05-04T11:44:06.700Z

Link: CVE-2026-43866

cve-icon Vulnrichment

Updated: 2026-07-06T19:09:56.676Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-07-06T08:35:04Z

Links: CVE-2026-43866 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T06:00:04Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data