CVE-2026-47323 Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering

🗓️ 19 May 2026 12:25:49Reported by apacheType

CVE-2026-47323: Camel CXF and Knative header injection due to missing inbound filtering enables remote code execution.

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2026-47323	19 May 202612:25	–	attackerkb
Circl	CVE-2026-47323	19 May 202616:51	–	circl
CNNVD	Apache Camel 安全漏洞	19 May 202600:00	–	cnnvd
CVE	CVE-2026-47323	19 May 202612:25	–	cve
EUVD	EUVD-2026-30895	19 May 202612:25	–	euvd
Github Security Blog	Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering	19 May 202615:31	–	github
NVD	CVE-2026-47323	19 May 202614:16	–	nvd
OSV	GHSA-8364-HFQJ-PWM6 Camel-CXF and Camel-Knative Message Header are Vulnerable to Injection via Missing Inbound Filtering	19 May 202615:31	–	osv
Positive Technologies	PT-2026-41898	19 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-47323	4 Jun 202604:22	–	redhatcve

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.camel:camel-cxf-rest",
    "product": "Apache Camel",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "4.14.6",
        "status": "affected",
        "version": "3.18.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.18.2",
        "status": "affected",
        "version": "4.15.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
camel	www.camel.apache.org/security/CVE-2026-47323.html

19 May 2026 12:25Current

EPSS0.00985

CWE-178