CVE-2026-46585
The CVE describes an improper input validation/authorization bypass in the Apache Camel Lucene component. The root cause is that the Camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value is the plain string QUERY (and RETURN_LUCENE_DOCS f...