Lucene search
K

8 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.5CVSS0.00428EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-41853

Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata KeyMetadata through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata reads that metadata back from the...

9.8CVSS6.4AI score0.00691EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-40047

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Camel Docling component. The camel-docling component invokes the external docling command-line tool by assembling an argument list in DoclingProducer and executing it through...

5.9AI score0.01569EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/04/27 11:16 a.m.9 views

CVE-2026-27172

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

8.8CVSS0.00667EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 9:59 a.m.8 views

CVE-2026-27172

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

9.8CVSS8.6AI score0.01145EPSS
Exploits3References2Affected Software1
EUVD
EUVD
added 2026/04/27 7:51 a.m.6 views

EUVD-2026-25792

The camel-mina component's MinaConverter.toObjectInputIoBuffer type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP consumer and requests conversion to ObjectInput f...

8.8CVSS6.2AI score0.00926EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.21 views

PT-2026-35370

Name of the Vulnerable Software and Affected Versions Apache Camel versions 3.0.0 through 4.14.5 Apache Camel versions 4.15.0 through 4.18.1 Apache Camel versions 4.19.0 through 4.19.x Description Certain non-HTTP HeaderFilterStrategy implementations, specifically JmsHeaderFilterStrategy and...

9.9CVSS6.5AI score0.0086EPSS
Exploits1References26
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.17 views

PT-2026-35393

The ConsulRegistry in the camel-consul component class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.readObject without configuring an ObjectInputFilte...

6.2AI score0.00667EPSS
Exploits1References2
Rows per page
Query Builder