VYPR

Maven package

org.apache.camel/camel-pqc

pkg:maven/org.apache.camel/camel-pqc

Vulnerabilities (1)

  • CVE-2026-40048HigApr 27, 2026
    affected < 4.18.2fixed 4.18.2

    The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java.security.KeyPair` is evaluated