3 matches found
CVE-2026-53913
Apache Camel Keycloak (camel-keycloak) CVE-2026-53913 describes a defect where KeycloakSecurityPolicy only verifies the bearer token inside role/permissions checks. With default settings (requiredRoles/requiredPermissions empty), the policy rejects missing tokens but accepts any non-null Authoriz...
EUVD-2026-41847
Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...
CVE-2026-46455
The CVE describes an Insufficient Session Expiration in Apache Camel’s Keycloak integration: KeycloakSecurityHelper.parseAndVerifyAccessToken builds a TokenVerifier with only subject and issuer checks, omitting the default IS_ACTIVE check. As a result, tokens are accepted without enforcing the to...