Lucene search
K

599 matches found

Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-55993 Apache Camel Atmosphere Websocket: The inbound consumer maps externally-supplied WebSocket query parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers - enabling influencing internal behaviour

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...

0.00536EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41849

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...

6AI score0.00536EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-55993

CVE-2026-55993 : Apache Camel Atmosphere Websocket Component contains an SSRF/Information Disclosure issue via improper input validation. The camel-atmosphere-websocket consumer maps inbound WebSocket query parameters into the Camel Exchange header map without a HeaderFilterStrategy, allowing ext...

7.5CVSS6AI score0.00536EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-53913

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

6.4AI score0.00619EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-41847

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely 'Failing Open' vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess, which performs three checks ...

6.4AI score0.00619EPSS
Exploits0References1
CVE
CVE
added 5 days ago18 views

CVE-2026-53913

CVE-2026-53913 – Apache Camel Keycloak (camel-keycloak) : The vulnerability arises because the KeycloakSecurityPolicy performs token verification only inside role and permission checks. By default, requiredRoles and requiredPermissions are empty, causing these checks to be skipped while the polic...

9.8CVSS6.4AI score0.00619EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41845

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

6AI score0.00341EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-49098 Apache Camel: Camel-Kafka: The kafka.OVERRIDE_TOPIC (and other kafka.*) Exchange header constants used non-Camel-prefixed names that bypass the upstream HTTP header filter, allowing an HTTP client to redirect Kafka messages to an arbitrary topic

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-49097 Apache Camel: Camel-IRC: The irc.sendTo (and other irc.*) Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to redirect outgoing IRC messages to arbitrary channels or users

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

0.00428EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.1AI score0.00428EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41843

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.5CVSS6.1AI score0.00428EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-49097

CVE-2026-49097 affects Apache Camel’s Camel-IRC component. The issue arises when outbound IRC message destinations are taken from non-Camel header names (irc.sendTo and related irc.* headers), which bypass the HTTP header filter. In routes bridging HTTP to irc:, an attacker could set irc.sendTo t...

6.5CVSS6.1AI score0.00428EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago12 views

CVE-2026-49086

CVE-2026-49086 (Apache Camel DAPR): Affects Camel DAPR Pub/Sub consumer where inbound CloudEvent fields pub/sub-name and topic are copied into routing headers (CamelDaprPubSubName, CamelDaprTopic). The headers are used to direct where messages are published, enabling an attacker who can publish t...

6.5CVSS6AI score0.00426EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago11 views

CVE-2026-48206

Apache Camel JIRA: A vulnerability allows an unauthenticated HTTP client to bypass input validation by supplying non-Camel header names (IssueKey, ProjectKey, IssueTransitionId, etc.) that flow into jira: producers. This lets the attacker potentially drive JIRA operations (delete/transition issue...

5.3CVSS6.1AI score0.00349EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-48205

Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...

6.1AI score0.0037EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41840

Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References1
CVE
CVE
added 5 days ago11 views

CVE-2026-48205

Summary: CVE-2026-48205 describes an SSRF vulnerability in the Apache Camel DNS component where DNS operation headers can be supplied via non-Camel header names (dns.server, dns.name, dns.domain, dns.type, dns.class, term) because the HTTP header filter is insufficient. This allows an unauthentic...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-48205 Apache Camel DNS: The dns.* and term Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour

Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...

0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-48204

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...

6AI score0.00452EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-41839

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...

9.8CVSS6AI score0.00452EPSS
Exploits0References1
Rows per page
Query Builder