A vulnerability, which was classified as critical , was found in Apache Camel up to 4.14.6/4.18.1/4.19.x . This affects an unknown function of the component camel-jms . Such manipulation leads to deserialization. This vulnerability is traded as CVE-2026-40860 . The attack may be launched remotely. There is no exploit available. You should upgrade the affected component.