CVE-2026-33454 Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...