2 matches found
CVE-2026-49097 Apache Camel: Camel-IRC: The irc.sendTo (and other irc.*) Exchange header constants used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to redirect outgoing IRC messages to arbitrary channels or users
Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...
CVE-2026-49097
Apache Camel IRC component (Camel-IRC) is affected: the irc.sendTo and related irc.* headers can bypass HTTP header filtering and direct outgoing IRC messages to arbitrary channels/users, enabling header-based redirection in routes bridging HTTP to irc:. Affected versions: 4.0.0–before 4.14.8, 4....