22 matches found

RedHat Linux
added 2026/05/20 8:47 p.m., 9 views

Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

CVSS: 9.4, AI score: 5.7, EPSS: 0.00326
Exploits: 0, References: 5

RedHat Linux
added 2026/05/14 4:55 p.m., 1 views

Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

CVSS: 9.4, AI score: 5.7, EPSS: 0.00326
Exploits: 0, References: 5

RedhatCVE
added 2026/04/30 2:11 p.m., 2 views

CVE-2026-33454

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

CVSS: 9.4, AI score: 5.4, EPSS: 0.00326
Exploits: 0, References: 4

vulnersOsv
added 2026/04/27 12:30 p.m., 4 views

io.automatiko.addons.services:automatiko-receive-email-addon (>=0.7.0 <=0.46.0), org.apache.camel.kafkaconnector:camel-imap-kafka-connector (>=0.1.0 <=0.11.5) +21 more potentially affected by CVE-2026-33454 via org.apache.camel:camel-mail (>=3.0.0 <=4.14.5)

org.apache.camel:camel-mail MAVEN version =3.0.0, =0.7.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.0.0, =3.25.0, =1.0.0, =1.0.0, =3.19.0, =3.27.3 and more Source cves: CVE-2026-33454 https://...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00326
Exploits: 0

OSV
added 2026/04/27 12:30 p.m., 1 views

GHSA-2VQF-X7G4-7C2G Apache Camel's Camel-Mail component is vulnerable to Camel message header injection

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00326
Exploits: 0, References: 17

Github Security Blog
added 2026/04/27 12:30 p.m., 3 views

Apache Camel's Camel-Mail component is vulnerable to Camel message header injection

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CVSS: 9.4, AI score: 7.2, EPSS: 0.00326
Exploits: 0, References: 17, Affected Software: 1

Snyk
added 2026/04/27 11:13 a.m., 1 views

Deserialization of Untrusted Data

Overview org.apache.camel:camel-mail is a Camel Mail support. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MailHeaderFilterStrategy component. An attacker can execute arbitrary code or alter application behavior by injecting specially crafted MIME...

CVSS: 9.4, AI score: 6.1, EPSS: 0.00326
Exploits: 0, References: 2

vulnersOsv
added 2026/04/27 11:13 a.m., 3 views

io.automatiko.addons.services:automatiko-receive-email-addon (>=0.7.0 <=0.46.0), org.apache.camel.kafkaconnector:camel-imap-kafka-connector (>=0.1.0 <=0.11.5) +22 more potentially affected by CVE-2026-33454 via org.apache.camel:camel-mail (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-mail MAVEN version =3.0.0-M1, =0.7.0, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =0.2.0, =3.25.0, =0.2.0, =0.2.0, =3.19.0, =3.27.3 and more Source cves: CVE-2026-33454 https...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00326
Exploits: 0

NVD
added 2026/04/27 10:16 a.m., 3 views

CVE-2026-33454

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CVSS: 9.4, EPSS: 0.00326
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/27 9:42 a.m., 0 views

CVE-2026-33454

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CVSS: 6.5, AI score: 7, EPSS: 0.5206
Exploits: 4, References: 2, Affected Software: 1

Cvelist
added 2026/04/27 9:42 a.m., 31 views

CVE-2026-33454 Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

EPSS: 0.00326
Exploits: 0, References: 1

EUVD
added 2026/04/27 9:42 a.m., 1 views

EUVD-2026-25806

The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the 'in' direction via setInFilterStartsWith. As a...

CVSS: 9.4, AI score: 5.3, EPSS: 0.00326
Exploits: 0, References: 1

CVE
added 2026/04/27 9:42 a.m., 79 views

CVE-2026-33454

The CVE describes an inbound header filtering gap in Camel-Mail (MailHeaderFilterStrategy): inbound headers are not filtered, allowing attacker-delivered email to inject Camel-specific headers that can influence downstream components (e.g., camel-bean, camel-exec, camel-sql). Affected: Apache Cam...

CVSS: 9.4, AI score: 5.3, EPSS: 0.00326
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/04/27 12:0 a.m., 3 views

PT-2026-35384

CVE-2026-33454 The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component MailHeaderFilterStrategy only filt… https://t.co/aFcj2mALO4...

CVSS: 9.4, AI score: 5.2, EPSS: 0.00326
Exploits: 0, References: 4

CNNVD
added 2026/04/27 12:0 a.m., 6 views

Apache Camel code issue vulnerability

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

CVSS: 9.4, AI score: 5.9, EPSS: 0.00326
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0633

Malware in sbrugna...

CVSS: 5.3, AI score: 5.7, EPSS: 0.02474
Exploits: 0, References: 16

RedHat Linux
added 2018/12/04 4:0 p.m., 188 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.2 security update

An update is now available for Red Hat Fuse. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS: 9.8, AI score: 7.6, EPSS: 0.61177
Exploits: 2, References: 16

RedHat Linux
added 2018/12/04 4:0 p.m., 0 views

camel-mail: path traversal vulnerability

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal...

CVSS: 5.3, AI score: 5.8, EPSS: 0.02474
Exploits: 0, References: 4

vulnersOsv
added 2018/10/16 11:7 p.m., 0 views

org.apache.camel:camel-mail-starter (=2.22.0), org.nhind:direct-msg-monitor (>=6.0 <=8.1.0) +3 more potentially affected by CVE-2018-8041 via org.apache.camel:camel-mail (=2.22.0)

org.apache.camel:camel-mail MAVEN version =2.22.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-mail and may be impacted: - org.apache.camel:camel-mail-starter =2.22.0 - org.nhind:direct-msg-monitor =6.0, =6.0, =6.0, =8.1.0 -...

CVSS: 5.3, AI score: 6.4, EPSS: 0.02474
Exploits: 0

vulnersOsv
added 2018/10/16 11:7 p.m., 1 views

org.apache.camel:camel-mail-starter (>=2.20.0 <=2.20.3), org.wildfly.camel.example:example-camel-mail (>=5.0.0 <=5.1.0) potentially affected by CVE-2018-8041 via org.apache.camel:camel-mail (>=2.20.0 <=2.20.3)

org.apache.camel:camel-mail MAVEN version =2.20.0, =2.20.0, =5.0.0, =5.1.0 Source cves: CVE-2018-8041 Source advisory: OSV:GHSA-JV74-F9PJ-XP3F...

CVSS: 5.3, AI score: 6.4, EPSS: 0.02474
Exploits: 0