599 matches found
CVE-2026-55993 Apache Camel Atmosphere Websocket: The inbound consumer maps externally-supplied WebSocket query parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling influencing internal behaviour
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...
EUVD-2026-41849
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...
CVE-2026-55993
CVE-2026-55993 : Apache Camel Atmosphere Websocket Component contains an SSRF/Information Disclosure issue via improper input validation. The camel-atmosphere-websocket consumer maps inbound WebSocket query parameters into the Camel Exchange header map without a HeaderFilterStrategy, allowing ext...
CVE-2026-53913
Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...
EUVD-2026-41847
Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...
CVE-2026-53913
CVE-2026-53913 – Apache Camel Keycloak (camel-keycloak) : The vulnerability arises because the KeycloakSecurityPolicy performs token verification only inside role and permission checks. By default, requiredRoles and requiredPermissions are empty, causing these checks to be skipped while the polic...
EUVD-2026-41845
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...
CVE-2026-49098 Apache Camel: Camel-Kafka: The kafka.OVERRIDE_TOPIC (and other kafka.*) Exchange header constants used non-Camel-prefixed names that bypass the upstream HTTP header filter, allowing an HTTP client to redirect Kafka messages to an arbitrary topic
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...
CVE-2026-49097 Apache Camel: Camel-IRC: The irc.sendTo (and other irc.*) Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to redirect outgoing IRC messages to arbitrary channels or users
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...
CVE-2026-49097
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...
EUVD-2026-41843
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...
CVE-2026-49097
CVE-2026-49097 affects Apache Camel’s Camel-IRC component. The issue arises when outbound IRC message destinations are taken from non-Camel header names (irc.sendTo and related irc.* headers), which bypass the HTTP header filter. In routes bridging HTTP to irc:, an attacker could set irc.sendTo t...
CVE-2026-49086
CVE-2026-49086 (Apache Camel DAPR): Affects Camel DAPR Pub/Sub consumer where inbound CloudEvent fields pub/sub-name and topic are copied into routing headers (CamelDaprPubSubName, CamelDaprTopic). The headers are used to direct where messages are published, enabling an attacker who can publish t...
CVE-2026-48206
Apache Camel JIRA: A vulnerability allows an unauthenticated HTTP client to bypass input validation by supplying non-Camel header names (IssueKey, ProjectKey, IssueTransitionId, etc.) that flow into jira: producers. This lets the attacker potentially drive JIRA operations (delete/transition issue...
CVE-2026-48205
Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...
EUVD-2026-41840
Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...
CVE-2026-48205
Summary: CVE-2026-48205 describes an SSRF vulnerability in the Apache Camel DNS component where DNS operation headers can be supplied via non-Camel header names (dns.server, dns.name, dns.domain, dns.type, dns.class, term) because the HTTP header filter is insufficient. This allows an unauthentic...
CVE-2026-48205 Apache Camel DNS: The dns.* and term Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour
Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...
CVE-2026-48204
Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...
EUVD-2026-41839
Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...