{"vulnerability": "CVE-2026-43867", "sightings": [{"uuid": "6a914c9f-6621-4caf-8c0a-9ddbdbf13900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43867", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpytz72vl22k", "content": "CVE-2026-43867: Apache Camel: Camel-PQC: The AWS Secrets Manager key-lifecycle manager deserializes persisted key metadata with java.io.ObjectInputStream and no ObjectInputFilter", "creation_timestamp": "2026-07-06T19:43:51.915757Z"}, {"uuid": "edd6e404-e9c1-4933-b7ee-f6af3e90d335", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43867", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpywieasws2x", "content": "CVE-2026-43867 - apache camel\nApache Camel's key manager can execute malicious code when it reads key metadata from AWS Secrets Manager. This happens if an attacker has write access to the AWS\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachecamel #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-06T20:28:15.887731Z"}, {"uuid": "6f976c30-7374-4e2c-a3c1-fec368ed5e07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-43867", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mq46weloyk23", "content": "\ud83d\udccc CVE-2026-43867 - Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component.\n\nThe camel-pqc component persists post-quantum key metadata (KeyMetadat... https://www.cyberhub.blog/cves/CVE-2026-43867", "creation_timestamp": "2026-07-08T03:37:05.967110Z"}]}