2 matches found
CVE-2026-49099
The CVE affects Apache Camel: Salesforce component, where operation parameters (SOQL/SOSL queries, SObject name/id, Apex URL/method, Apex query params) are read from untrusted Exchange headers, bypassing endpoint config due to plain non‑Camel header names. HttpHeaderFilterStrategy blocks only the...
CVE-2026-46454
The CVE-2026-46454 entry describes an improper input validation vulnerability in Apache Camel’s CometD binding. The issue arises because inbound Bayeux/CometD headers are mapped into the Camel Exchange without a HeaderFilterStrategy, copying the entire ext.CamelHeaders map onto the message. This ...