Lucene search
K

16 matches found

NVD
NVD
added 4 days ago11 views

CVE-2026-49042

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...

7.3CVSS0.00399EPSS
Exploits0References2
NVD
NVD
added 4 days ago9 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

5.3CVSS0.00385EPSS
Exploits0References2
NVD
NVD
added 4 days ago10 views

CVE-2026-46591

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

8.2CVSS0.00329EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-43865

Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds the Hazelcast Config itself - that is, when no...

8.1CVSS0.00804EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-56140 Apache Camel AWS2 SNS: An inbound Camel-namespace filter was added to Sns2HeaderFilterStrategy to align it with sibling components

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter...

0.00311EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-49086

CVE-2026-49086 (Apache Camel DAPR): Affects Camel DAPR Pub/Sub consumer where inbound CloudEvent fields pub/sub-name and topic are copied into routing headers (CamelDaprPubSubName, CamelDaprTopic). The headers are used to direct where messages are published, enabling an attacker who can publish t...

6.5CVSS6AI score0.00426EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago11 views

CVE-2026-48206

Apache Camel JIRA: A vulnerability allows an unauthenticated HTTP client to bypass input validation by supplying non-Camel header names (IssueKey, ProjectKey, IssueTransitionId, etc.) that flow into jira: producers. This lets the attacker potentially drive JIRA operations (delete/transition issue...

5.3CVSS6.1AI score0.00349EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-48206

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

6.1AI score0.00349EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago10 views

CVE-2026-48204

The CVE describes an improper input validation and access-control flaw in Apache Camel’s MongoDB GridFS component where gridfs.* headers (gridfs.operation, gridfs.objectid, etc.) bypass the HTTP header filter. With no explicit operation, an unauthenticated HTTP client can override the GridFS oper...

9.8CVSS6AI score0.00452EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41838

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-46591 Apache Camel: Camel-Neo4j: JSON property names from the CamelNeo4jMatchProperties header are interpolated into the Cypher WHERE clause without validation, allowing Cypher injection (incomplete remediation of CVE-2025-66169)

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection...

0.00329EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score0.00378EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41831

Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy with no inbound rules configured NatsConfiguration. With no...

7.5CVSS6.1AI score0.00423EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-55895

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Deserialization of untrusted data in the Apache Camel PQC component occurs when HashicorpVaultKeyLifecycleManager,...

8.8CVSS6.7AI score0.00485EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-55907

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description The camel-netty-http server consumer in Apache Camel contains an issue where the muteException optio...

5.3CVSS6.1AI score0.00363EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.2 views

Slackware Linux 15.0 / current libtasn1 Vulnerability (SSA:2026-008-01)

The version of libtasn1 installed on the remote host is prior to 4.21.0. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-008-01 advisory. New libtasn1 packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

7.5CVSS5.7AI score0.01109EPSS
Exploits0References2
Rows per page
Query Builder