OSV-2026-762 Heap-buffer-overflow in coap_pdu_parse_header

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513783540 Crash type: Heap-buffer-overflow READ 1 Crash state: coappduparseheader coappduparse2 coappduparse...

OSV-2026-747 Heap-buffer-overflow in coap_persist_startup_lkd

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=513035615 Crash type: Heap-buffer-overflow READ 8 Crash state: coappersiststartuplkd persisttarget.c...

OSV-2026-736 Heap-buffer-overflow in coap_pdu_parse_header

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=512517700 Crash type: Heap-buffer-overflow READ 1 Crash state: coappduparseheader coappduparse2 coappduparse...

OSV-2026-720 Heap-buffer-overflow in coap_persist_startup_lkd

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511948388 Crash type: Heap-buffer-overflow READ 8 Crash state: coappersiststartuplkd persisttarget.c...

Exploit for CVE-2026-33453

Apache Camel 4.18.0 — CVE Security Assessment Three critical...

GHSA-695C-X5GC-94GJ Apache camel-coap allows header injection that can lead to remote code execution

Apache Camel's camel-coap component is vulnerable to header injection because it maps CoAP request URI query parameters directly into Camel message headers without applying a HeaderFilterStrategy. An unauthenticated attacker can send a crafted CoAP request to inject arbitrary Camel internal heade...

Apache camel-coap allows header injection that can lead to remote code execution

Apache Camel's camel-coap component is vulnerable to header injection because it maps CoAP request URI query parameters directly into Camel message headers without applying a HeaderFilterStrategy. An unauthenticated attacker can send a crafted CoAP request to inject arbitrary Camel internal heade...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes throug the CamelCoapResource.handleRequest function. An attacker can execute arbitrary operating system commands by injecting specially crafted CoAP URI quer...

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to a flaw in the default filtering mechanism HeaderFilterStrategy that only blocks headers starting with specific prefixes. An attacker can execute arbitrary code and write files by injecting...

org.apache.camel.kafkaconnector:camel-coap-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-coap-tcp-kafka-connector (>=0.1.0 <=0.11.5) +9 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-coap (>=3.0.0-M1 <=4.14.5)

org.apache.camel:camel-coap MAVEN version =3.0.0-M1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.0.0, =3.0.0-M1, =3.0.0-RC3 Source cves: CVE-2026-40453 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-16321638...

org.apache.camel.kafkaconnector:camel-coap-kafka-connector (>=0.1.0 <=0.11.5), org.apache.camel.kafkaconnector:camel-coap-tcp-kafka-connector (>=0.1.0 <=0.11.5) +8 more potentially affected by CVE-2026-40453 via org.apache.camel:camel-coap (>=3.0.0 <=4.14.5)

org.apache.camel:camel-coap MAVEN version =3.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =4.10.3, =1.1.0, =1.1.0, =1.1.0, =2.3.0, =3.0.0, =4.14.5 Source cves: CVE-2026-40453 Source advisory: OSV:GHSA-JG2M-9X48-3GVJ...

CVE-2026-40453

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

EUVD-2026-25791

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

CVE-2026-40453 Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

CVE-2026-40453

Apache Camel non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) are affected by an incomplete fix for CVE-2025-27636. The fix added setLowerCase(true) to HttpHeaderFilterStrategy, but five non-HTTP implementations still use case-sensitive header filtering, wh...

CVE-2026-40453 Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection

The fix for CVE-2025-27636 added setLowerCasetrue to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCasetrue call was not applied to five non-HTTP HeaderFilterStrategy...

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern, and routing and mediation rules are configured through...

[SECURITY] Fedora 44 Update: qt6-qtcoap-6.10.3-1.fc44

Qt CoAP API provides classes and functions to access the CoAP protocol...

OSV-2026-589 Heap-double-free in coap_new_oscore_conf

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=503812134 Crash type: Heap-double-free Crash state: coapnewoscoreconf oscoreconfparsetarget.c coapnewoscoreconf...