Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-46726

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

6AI score0.0024EPSS
Exploits0References2Affected Software1
CVE
CVE
added yesterday6 views

CVE-2026-46726

Apache Camel Vertx Websocket: the inbound WebSocket consumer maps external query/path parameters into the Exchange header map without HeaderFilterStrategy, enabling injection of Camel headers (e.g., CamelHttpUri) and potential server-side request forgery (SSRF) to attacker-controlled URIs. The HT...

7.5CVSS6AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-41837

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

7.5CVSS6AI score0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-40859 Apache Camel: Camel-Vertx-Http: Unsafe Java deserialization of HTTP response bodies via a raw ObjectInputStream when transferException is enabled

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

0.00394EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-40859

CVE-2026-40859 – Apache Camel Camel-Vertx-Http deserialization vulnerability : The camel-vertx-http component deserializes HTTP response bodies with Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream without an ObjectInputFilter, when transferException=true (o...

8.1CVSS6.7AI score0.00394EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-40859

Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying any ObjectInputFilter...

6.7AI score0.00394EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder