Lucene search
K

9 matches found

CVE
CVE
added last week18 views

CVE-2026-53913

CVE-2026-53913 – Apache Camel Keycloak (camel-keycloak) : The vulnerability arises because the KeycloakSecurityPolicy performs token verification only inside role and permission checks. By default, requiredRoles and requiredPermissions are empty, causing these checks to be skipped while the polic...

9.8CVSS6.4AI score0.00619EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/26 12:0 a.m.8 views

Apache Camel 4.15.0 < 4.18.0 Authentication Bypass (CVE-2026-23552)

The version of Apache Camel on the remote host is 4.15.0 prior to 4.18.0. It is, therefore, affected by an authentication bypass vulnerability: - The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one...

9.1CVSS6AI score0.00398EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2026/02/24 1:34 p.m.10 views

CVE-2026-23552

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

9.1CVSS5.4AI score0.00398EPSS
Exploits2References1
Snyk
Snyk
added 2026/02/23 9:31 a.m.7 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the KeycloakSecurityPolicy which does not validate the iss issuer claim of JWT tokens against the configured realm. An attacker can gain unauthorized access to resources by providing a JWT token issued by a...

9.3CVSS6AI score0.00398EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/02/23 8:45 a.m.28 views

CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

0.00398EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/02/23 8:45 a.m.5 views

CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...

5.4AI score0.00398EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/02/23 12:0 a.m.10 views

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern from the Apache Foundation in the United States. This framework provides implementations of Java objects following the Enterprise Integration Pattern and allows routing and mediation rules to be...

9.1CVSS5.8AI score0.00398EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.10 views

PT-2026-20652

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.17.9 Description The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. This allows a token issued by one Keycloak realm to be silentl...

9.1CVSS5.9AI score0.00398EPSS
Exploits2References25
GithubExploit
GithubExploit
added 2026/02/09 12:50 p.m.147 views

Exploit for CVE-2026-23552

CVE-2026-23552 - Cross-Realm Token Acceptance in camel-keycloa...

5.8AI score0.00398EPSS
Exploits2
Rows per page
Query Builder