35126 matches found
CVE-2026-49086
Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...
CVE-2026-49086 Apache Camel Dapr: Pub/Sub consumer copied the inbound CloudEvent's pub/sub-name and topic into producer-direction routing headers, allowing an actor who can publish to the subscribed topic to influence internal behaviour
Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...
CVE-2026-48206 Apache Camel JIRA: A set of non-Camel-prefixed Exchange header constants bypass the HTTP header filter, allowing an HTTP client to drive arbitrary JIRA issue operations using the endpoint's configured credentials
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...
CVE-2026-48206
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...
CVE-2026-48206
Apache Camel JIRA: A vulnerability allows an unauthenticated HTTP client to bypass input validation by supplying non-Camel header names (IssueKey, ProjectKey, IssueTransitionId, etc.) that flow into jira: producers. This lets the attacker potentially drive JIRA operations (delete/transition issue...
CVE-2026-48205
Summary: CVE-2026-48205 describes an SSRF vulnerability in the Apache Camel DNS component where DNS operation headers can be supplied via non-Camel header names (dns.server, dns.name, dns.domain, dns.type, dns.class, term) because the HTTP header filter is insufficient. This allows an unauthentic...
CVE-2026-48205 Apache Camel DNS: The dns.* and term Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour
Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...
CVE-2026-48205
Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...
EUVD-2026-41840
Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...
CVE-2026-48204 Apache Camel: Camel-MongoDB-GridFS: The gridfs.* control headers used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to switch the GridFS operation - including destructive file deletion - in the default configuration
Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...
CVE-2026-48204
Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...
EUVD-2026-41839
Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...
CVE-2026-48204
The CVE describes an improper input validation and access-control flaw in Apache Camel’s MongoDB GridFS component where gridfs.* headers (gridfs.operation, gridfs.objectid, etc.) bypass the HTTP header filter. With no explicit operation, an unauthenticated HTTP client can override the GridFS oper...
CVE-2026-48203
CVE-2026-48203 affects Apache Camel’s Solr component. The vulnerability arises because SolrParam.* and SolrField.* headers are copied into Solr request parameters and indexed fields without respecting the Camel/HTTP header boundary, enabling an unauthenticated HTTP client to inject arbitrary Solr...
CVE-2026-48203 Apache Camel: Camel-Solr: The SolrParam. and SolrField. Exchange header prefixes used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to inject Solr query parameters (server-side request forgery) and document fields
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...
CVE-2026-48203
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...
EUVD-2026-41838
Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...
CVE-2026-46726 Apache Camel Vertx Websocket: The inbound consumer maps externally-supplied WebSocket query and path parameters into the Exchange without a HeaderFilterStrategy, allowing injection of Camel control headers
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...
CVE-2026-46726
Apache Camel Vertx Websocket: the inbound WebSocket consumer maps external query/path parameters into the Exchange header map without HeaderFilterStrategy, enabling injection of Camel headers (e.g., CamelHttpUri) and potential server-side request forgery (SSRF) to attacker-controlled URIs. The HT...
CVE-2026-46726
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...