A vulnerability, which was classified as critical , has been found in Apache Camel up to 4.14.6/4.18.1/4.19.x . The impacted element is an unknown function of the component Camel-Infinispan . This manipulation causes deserialization. This vulnerability appears as CVE-2026-40858 . The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.