
960 matches found

RedHat Linux
added 2026/06/17 11:5 p.m. | 14 views

Important: Red Hat Security Advisory: Red Hat build of Apache Camel 4.18 for Quarkus 3.33 security update

A security update for Red Hat build of Apache Camel 4.18 for Quarkus 3.33 is now available. This text-only errata provides information about enhancements that improve your developer experience and ensure the security and stability of your applications. Red Hat Product Security has rated this upda...

CVSS 10 | AI score 5.4 | EPSS 0.00435
Exploits 0 | References 15

RedHat Linux
added 2026/06/10 3:39 p.m. | 14 views

Important: Red Hat Security Advisory: HawtIO 4.4.0 for Red Hat build of Apache Camel 4 Release and security update.

HawtIO 4.4.0 for Red Hat build of Apache Camel 4 GA Release is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update ...

CVSS 10 | AI score 7.3 | EPSS 0.00761
Exploits 10 | References 1

RedhatCVE
added 2026/06/05 7:47 p.m. | 7 views

CVE-2026-45760

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

CVSS 8.1 | AI score 5.4 | EPSS 0.00325
Exploits 0 | References 1

RedhatCVE
added 2026/06/04 4:22 a.m. | 8 views

CVE-2026-47323

A flaw was found in Apache Camel. An unauthenticated attacker could inject Camel-internal headers via HTTP requests to CXF-RS or CXF-SOAP endpoints due to missing inbound filtering in the HeaderFilterStrategy implementations. This allows the attacker to override configured values when messages ar...

CVSS 9.8 | AI score 6.4 | EPSS 0.00985
Exploits 0 | References 4

RedHat Linux
added 2026/06/02 11:27 a.m. | 10 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available (RHBQ 3.33.1.GA)

An update for Red Hat Build of Apache Camel 4.18 for Quarkus 3.33 update is now available RHBQ 3.33.1.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

CVSS 9.8 | AI score 6.3 | EPSS 0.00693
Exploits 3 | References 9

RedHat Linux
added 2026/06/02 11:27 a.m. | 10 views

Apache Camel: camel-jms: camel-sjms: camel-sjms2: camel-amqp: camel-activemq: camel-activemq6: Apache Camel: Remote Code Execution via deserialization of JMS ObjectMessage

A flaw was found in Apache Camel. A remote attacker could exploit a deserialization vulnerability by sending a specially crafted Java Message Service (JMS) ObjectMessage to a Camel application acting as a JMS consumer. This vulnerability arises because the application deserializes the message paylo...

CVSS 9.8 | AI score 6.4 | EPSS 0.00693
Exploits 0 | References 6

RedHat Linux
added 2026/06/02 11:27 a.m. | 9 views

org.apache.camel/camel-infinispan: Apache Camel camel-infinispan: Arbitrary code execution via deserialization of untrusted data

A flaw was found in the camel-infinispan component of Apache Camel. A remote attacker, with the ability to write to the Infinispan cache, can inject a specially crafted serialized Java object. When this object is deserialized during normal aggregation repository operations, it can lead to arbitra...

CVSS 8.8 | AI score 6.3 | EPSS 0.00485
Exploits 1 | References 5

RedHat Linux
added 2026/06/02 11:27 a.m. | 7 views

camel-infinispan: camel-infinispan: Remote Code Execution via Unsafe Deserialization

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

CVSS 7.5 | AI score 6.1 | EPSS 0.00667
Exploits 1 | References 4

vulnersOsv
added 2026/06/01 10:29 a.m. | 6 views

io.fabric8.examples:fabric-activemq-demo (>=1.1.0.Beta1 <=1.2.0.redhat-133), io.fabric8.mq:camel-amq (=1.2.0.redhat-133) +17 more potentially affected by CVE-2026-42253 via org.apache.activemq:activemq-web (>=6.0.0 <=6.2.5)

org.apache.activemq:activemq-web MAVEN version =6.0.0, =1.1.0.Beta1, =1.1.0.Beta1, =1.1.0.Beta1, =4.2.9.hyte-4296, =4.2.9.hyte-4296, =4.2.9.hyte-4296, =4.2.9.hyte-4296, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.5 - org.apache.camel:camel-activemq =1.0.0 - org.apache.camel:camel-example-jms-file =1.0.0...

CVSS 6.1 | AI score 5.4 | EPSS 0.01107
Exploits 0

vulnersOsv
added 2026/06/01 10:29 a.m. | 5 views

org.apache.axis2:axis2-integration (=1.4), org.apache.camel:camel-example-cxf (=1.3.0) +2 more potentially affected by CVE-2026-49157 via org.apache.activemq:apache-activemq (=5.0.0)

org.apache.activemq:apache-activemq MAVEN version =5.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.activemq:apache-activemq and may be impacted: - org.apache.axis2:axis2-integration =1.4 - org.apache.camel:camel-example-cxf =1.3.0 -...

CVSS 8.8 | AI score 5.4 | EPSS 0.00424
Exploits 0

vulnersOsv
added 2026/06/01 10:29 a.m. | 3 views

org.apache.camel:camel-activemq (=1.0.0), org.apache.camel:camel-example-jms-file (=1.0.0) +1 more potentially affected by CVE-2026-49157 via org.apache.activemq:apache-activemq (=6.2.5)

org.apache.activemq:apache-activemq MAVEN version =6.2.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.activemq:apache-activemq and may be impacted: - org.apache.camel:camel-activemq =1.0.0 - org.apache.camel:camel-example-jms-file =1.0.0 ...

CVSS 8.8 | AI score 5.4 | EPSS 0.00424
Exploits 0

RedhatCVE
added 2026/05/25 11:37 p.m. | 10 views

CVE-2026-27172

A flaw was found in the camel-consul component of Apache Camel. An attacker with write access to the Consul Key-Value (KV) store could inject a malicious serialized Java object. When Apache Camel's ConsulRegistry deserializes this object, it can lead to arbitrary code execution within the Camel...

CVSS 8.8 | AI score 6.2 | EPSS 0.00485
Exploits 0 | References 4

vulnersOsv
added 2026/05/25 11:19 p.m. | 6 views

cloud.opencode.base:opencode-base-token (=1.0.0), com.flowlogix.depchain:shiro-jakarta (>=18 <=119) +22 more potentially affected by CVE-2026-44598 via org.apache.shiro:shiro-jakarta-ee (>=2.0.0-alpha-1 <=2.1.0)

org.apache.shiro:shiro-jakarta-ee MAVEN version =2.0.0-alpha-1, =18, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.82.10, =0.82.10, =4.7.0, =3.10.0, =3.10.0, =3.10.0, =4.5.0, =4.20.0 and more Source cves: CVE-2026-44598 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-17115416...

CVSS 5.4 | AI score 5.5 | EPSS 0.00383
Exploits 0

RedhatCVE
added 2026/05/25 10:36 p.m. | 8 views

CVE-2026-40473

A flaw was found in the camel-mina component of Apache Camel. This vulnerability allows a remote attacker to achieve arbitrary code execution by sending a specially crafted serialized Java object over the network to the MINA consumer port. The MinaConverter.toObjectInput type converter, used when...

CVSS 8.8 | AI score 6.4 | EPSS 0.00733
Exploits 1 | References 5

NVD
added 2026/05/21 1:16 p.m. | 14 views

CVE-2026-45760

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

CVSS 8.1 | EPSS 0.00325
Exploits 0 | References 2

EUVD
added 2026/05/21 11:43 a.m. | 9 views

EUVD-2026-31268

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

AI score 5.8 | EPSS 0.00325
Exploits 0 | References 1

Cvelist
added 2026/05/21 11:43 a.m. | 43 views

CVE-2026-45760 Apache Camel K: Camel K Cross-Namespace Build Deputy Attack

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

EPSS 0.00325
Exploits 0 | References 1

CVE
added 2026/05/21 11:43 a.m. | 21 views

CVE-2026-45760

Apache Camel K (CVE-2026-45760) contains a cross-namespace build execution vulnerability: authorized users in a Kubernetes namespace can create a Build resource that controls Pod generation in a target namespace, including the operator namespace, via externally controlled resource references and ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00325
Exploits 0 | References 2

ATTACKERKB
added 2026/05/21 11:43 a.m. | 5 views

CVE-2026-45760

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

AI score 5.8 | EPSS 0.00325
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/05/21 11:43 a.m. | 8 views

CVE-2026-45760 Apache Camel K: Camel K Cross-Namespace Build Deputy Attack

Externally Controlled Reference to a Resource in Another Sphere, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the...

AI score 5.8 | EPSS 0.00325
Exploits 0 | References 1