Lucene search
K

6 matches found

Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-49098 Apache Camel: Camel-Kafka: The kafka.OVERRIDE_TOPIC (and other kafka.*) Exchange header constants used non-Camel-prefixed names that bypass the upstream HTTP header filter, allowing an HTTP client to redirect Kafka messages to an arbitrary topic

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

0.00385EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-41844

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score0.00385EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-55905

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection issue exists in the Apache Camel Kafka component due to improper input validation and...

5.3CVSS6.2AI score0.00385EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/19 3:54 a.m.12 views

CVE-2026-55226

When deploying only the Topic Operator or only the User Operator via the Kafka custom resource, the Entity Operator's ServiceAccount retains RBAC rights for both operators rather than scoping permissions to the one actually deployed. This allows the ServiceAccount to access KafkaUser custom...

5.4CVSS5.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51072

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description A CoreWCF service listening on a Kafka topic stops processing new records when the KafkaTransportPump receives a null-value tombstone record. A tombstone record is a...

6.5CVSS6AI score0.00336EPSS
Exploits0References12
NVD
NVD
added 2026/06/02 4:16 p.m.16 views

CVE-2026-45080

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS0.00249EPSS
Exploits0References2
Rows per page
Query Builder