CVE-2026-49098
The CVE describes an injection-type flaw in the Apache Camel Kafka Component where the kafka.OVERRIDE_TOPIC (and related kafka.* headers) can override the endpoint topic at runtime. KafkaProducer.evaluateTopic() returns the header value in preference to the endpoint topic, and headers pass throug...