Lucene search
+L
ApacheCamel4.18.0

6 matches found

CVE
CVE
added 2026/04/27 9:58 a.m.87 views

CVE-2026-33453

The CVE-2026-33453 issue affects Apache Camel’s camel-coap component, enabling header injection via CoAP URI query parameters. The camel-coap handler copies incoming CoAP URI query params directly into Camel Exchange In headers without a HeaderFilterStrategy, allowing an unauthenticated attacker ...

10CVSS6.5AI score0.06157EPSS
Web
CVE
CVE
added 2026/04/27 7:53 a.m.37 views

CVE-2026-40048

CVE-2026-40048 – Apache Camel PQC deserialization flaw : The Camel-PQC FileBasedKeyLifecycleManager deserializes the contents of .key files in the configured key directory via java.io.ObjectInputStream without ObjectInputFilter or class-loading restrictions. The vulnerable step is that the cast t...

7.8CVSS6.3AI score0.00342EPSS
Web
CVE
CVE
added 2026/07/06 8:24 a.m.24 views

CVE-2026-43867

The CVE concerns Apache Camel’s PQC component where AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() Base64-decodes and deserializes persisted KeyMetadata via a raw java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allow-list. A user who can write to the confi...

9.8CVSS6.4AI score0.00691EPSS
CVE
CVE
added 2026/07/06 7:56 a.m.20 views

CVE-2026-46455

CVE-2026-46455 affects Apache Camel with the camel-keycloak component. The security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) that only enforces subject and issuer, but omits the default IS_ACTIVE check. Consequently, the verifie...

9.8CVSS6AI score0.00411EPSS
CVE
CVE
added 2026/07/06 8:3 a.m.18 views

CVE-2026-46590

CVE-2026-46590 (Apache Camel-PQC) describes a deserialization of untrusted data issue in the camel-pqc component. Hashicorp Vault and AWS Secrets Manager key lifecycle managers deserialize a Base64-wrapped value via java.io.ObjectInputStream.readObject() without an ObjectInputFilter or class allo...

8.8CVSS6.4AI score0.00485EPSS
CVE
CVE
added 2026/07/06 7:55 a.m.16 views

CVE-2026-42527

CVE-2026-42527 describes a deserialization of untrusted data in Apache Camel. A permissive default ObjectInputFilter pattern (covering java., javax. , org.apache.camel.**) can serialize HashMap-like structures containing java.net.URL keys, causing DNS lookups as a side-channel via hashCode/equals...

8.1CVSS6AI score0.00546EPSS