Apache Camel: Camel Message Header Injection via Improper Filtering

🗓️ 09 Mar 2025 15:31:19Reported by GitHub Advisory DatabaseType

Apache Camel vulnerability allows header injection in certain conditions; upgrade recommended to mitigate risks.

Reporter	Title	Published	Views	Family All 59
GithubExploit	Exploit for Improper Handling of Case Sensitivity in Apache Camel	9 Mar 202509:42	–	githubexploit
GithubExploit	Exploit for Improper Neutralization of Internal Special Elements in Apache Camel	23 Oct 202509:54	–	githubexploit
Akamai Blog	Detecting and Mitigating the Apache Camel Vulnerabilities	11 Mar 202516:00	–	akamaiblog
ATTACKERKB	CVE-2026-47323	19 May 202612:25	–	attackerkb
ATTACKERKB	CVE-2026-40453	27 Apr 202608:23	–	attackerkb
ATTACKERKB	CVE-2026-33454	27 Apr 202609:42	–	attackerkb
Tenable Nessus	Apache Camel 3.10.0 < 3.22.4 / 4.8.x < 4.8.5 / 4.10.x < 4.10.2 Message Header Injection (CVE-2025-27636)	18 Mar 202500:00	–	nessus
Circl	CVE-2025-27636	9 Mar 202515:26	–	circl
CNNVD	Apache Camel 安全漏洞	9 Mar 202500:00	–	cnnvd
CNNVD	Apache Camel 安全漏洞	12 Mar 202500:00	–	cnnvd

Vulners

Node

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-27636
lists	www.lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z
openwall	www.openwall.com/lists/oss-security/2025/03/09/1
issues	www.issues.apache.org/jira/browse/CAMEL-21828
camel	www.camel.apache.org/security/CVE-2025-27636.html
github	www.github.com/apache/camel/commit/23a833eec6131a3cdce6e4b1b40b3ac2035b6adf
github	www.github.com/apache/camel/commit/45a6b74f7f8af8fd58f197566938a9534392a624
github	www.github.com/apache/camel/blob/camel-4.9.0/core/camel-support/src/main/java/org/apache/camel/support/DefaultHeaderFilterStrategy.java
github	www.github.com/akamai/CVE-2025-27636-Apache-Camel-PoC/blob/main/src/main/java/com/example/camel/VulnerableCamel.java
github	www.github.com/advisories/GHSA-2c2h-2855-mf97

25 Mar 2025 18:38Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.15.6

EPSS0.5206

SSVC