328 matches found
CVE-2026-58465
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...
CVE-2026-58465
Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerability in the CoAP Block1 handler within coap/block.c that allows unauthenticated remote attackers to exhaust server memory by sending a sequence of Block1 PUT requests with incrementing block numbers...
CVE-2026-58465
The CVE affects Eclipse Wakaama before snapshot/2026-05-26, with an unbounded memory allocation in the CoAP Block1 handler (coap/block.c). Unauthenticated remote attackers can exhaust memory by sending a sequence of Block1 PUT requests with incrementing block numbers to the registration endpoint ...
PT-2026-55282
Name of the Vulnerable Software and Affected Versions Eclipse Wakaama versions prior to snapshot/2026-05-26 Description An unbounded memory allocation issue exists in the CoAP Block1 handler within the coap/block.c file. Unauthenticated remote attackers can cause a denial of service by sending a...
OSV-2026-762 Heap-buffer-overflow in coap_pdu_parse_header
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513783540 Crash type: Heap-buffer-overflow READ 1 Crash state: coappduparseheader coappduparse2 coappduparse...
OSV-2026-747 Heap-buffer-overflow in coap_persist_startup_lkd
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513035615 Crash type: Heap-buffer-overflow READ 8 Crash state: coappersiststartuplkd persisttarget.c...
OSV-2026-736 Heap-buffer-overflow in coap_pdu_parse_header
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512517700 Crash type: Heap-buffer-overflow READ 1 Crash state: coappduparseheader coappduparse2 coappduparse...
OSV-2026-720 Heap-buffer-overflow in coap_persist_startup_lkd
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511948388 Crash type: Heap-buffer-overflow READ 8 Crash state: coappersiststartuplkd persisttarget.c...
Exploit for CVE-2026-33453
Apache Camel 4.18.0 — CVE Security Assessment Three critical...
GHSA-695C-X5GC-94GJ Apache camel-coap allows header injection that can lead to remote code execution
Apache Camel's camel-coap component is vulnerable to header injection because it maps CoAP request URI query parameters directly into Camel message headers without applying a HeaderFilterStrategy. An unauthenticated attacker can send a crafted CoAP request to inject arbitrary Camel internal heade...
Apache camel-coap allows header injection that can lead to remote code execution
Apache Camel's camel-coap component is vulnerable to header injection because it maps CoAP request URI query parameters directly into Camel message headers without applying a HeaderFilterStrategy. An unauthenticated attacker can send a crafted CoAP request to inject arbitrary Camel internal heade...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...
org.apache.camel.kafkaconnector:camel-coap-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-coap-tcp-kafka-connector (>=0.1.0 <=0.11.5) +9 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-coap (>=3.0.0-M1 <=4.14.5)
org.apache.camel:camel-coap MAVEN version =3.0.0-M1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.0.0, =3.0.0-M1, =3.0.0-RC3 Source cves: CVE-2026-40453 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321638...
Improper Handling of Case Sensitivity
Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism HeaderFilterStrategy that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting...
org.apache.camel.kafkaconnector:camel-coap-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-coap-tcp-kafka-connector (>=0.1.0 <=0.11.5) +8 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-coap (>=3.0.0 <=4.14.5)
org.apache.camel:camel-coap MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.0.0, =4.14.5 Source cves: CVE-2026-40453 Source advisory: OSV:GHSA-JG2M-9X48-3GVJ...
CVE-2026-40453
The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...
CVE-2026-40453 Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection
The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...
EUVD-2026-25791
The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...
CVE-2026-40453
Apache Camel non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) are affected by an incomplete fix for CVE-2025-27636. The fix added setLowerCase(true) to HttpHeaderFilterStrategy, but five non-HTTP implementations still use case-sensitive header filtering, wh...