2 matches found
CVE-2026-46454 Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers
Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux CometD message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplie...
CVE-2026-46454
Apache Camel Cametd component (CVE-2026-46454) allows unauthenticated clients to inject Camel control headers into inbound Bayeux/CometD messages because no HeaderFilterStrategy is applied, causing downstream producers to be influenced by manipulated headers. Affected: Camel versions from 4.0.0 u...