8 matches found
Origin Validation Error
Overview: Affected versions of this package are vulnerable to Origin Validation Error via the KeycloakSecurityPolicy, which does not validate the iss issuer claim of JWT tokens against the configured realm. An attacker can gain unauthorized access to resources by providing a JWT token issued by a...
org.apache.camel.quarkus:camel-quarkus-integration-test-keycloak (=3.31.0), org.apache.camel.quarkus:camel-quarkus-keycloak (>=3.29.0 <=3.31.0) +2 more potentially affected by CVE-2026-23552 via org.apache.camel:camel-keycloak (>=4.15.0 <=4.17.0)
org.apache.camel:camel-keycloak MAVEN version =4.15.0, =3.29.0, =3.29.0, =4.15.0, =4.17.0 Source cves: CVE-2026-23552 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-15353481...
org.apache.camel.quarkus:camel-quarkus-integration-test-keycloak (=3.31.0), org.apache.camel.quarkus:camel-quarkus-keycloak (>=3.29.0 <=3.31.0) +2 more potentially affected by CVE-2026-23552 via org.apache.camel:camel-keycloak (>=4.15.0 <=4.17.0)
org.apache.camel:camel-keycloak MAVEN version =4.15.0, =3.29.0, =3.29.0, =4.15.0, =4.17.0 Source cves: CVE-2026-23552 Source advisory: OSV:GHSA-C3F3-CC42-XR9V...
CVE-2026-23552
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...
CVE-2026-23552
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...
CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...
CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...
CVE-2026-23552
Summary: CVE-2026-23552 describes an authentication bypass in Apache Camel’s Camel-Keycloak integration via the KeycloakSecurityPolicy. Affected software: Apache Camel versions 4.15.0 through 4.17.9 (per the CVE entry and related Nessus/Red Hat entries). Root cause (as stated): The KeycloakSecuri...