{"vulnerability": "CVE-2026-4645", "sightings": [{"uuid": "ddf6d0da-c504-42c4-bcc9-20614c400f87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4645", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhqgxxunpd2d", "content": "", "creation_timestamp": "2026-03-23T16:07:40.515423Z"}, {"uuid": "43054565-9e19-4e05-bdfa-7d270c627b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4645", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhqbcgzkhx26", "content": "", "creation_timestamp": "2026-03-23T14:26:12.340768Z"}, {"uuid": "1430c775-3b50-4ba7-8494-325da63a6d30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4645", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0376/", "content": "", "creation_timestamp": "2026-03-29T17:00:00.000000Z"}, {"uuid": "f1cef729-cb7e-4ed3-b12a-bd31c23eccc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46455", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwcuibuak27", "content": "CVE-2026-46455: Apache Camel: Camel-Keycloak: The access-token validity window is not verified because the IS_ACTIVE check is missing from the TokenVerifier, allowing expired tokens to be accepted", "creation_timestamp": "2026-07-05T19:31:39.358735Z"}, {"uuid": "520a5c16-101f-4cd9-96d5-c2b06d0ecfda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46454", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwd6qnra62b", "content": "CVE-2026-46454: Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers", "creation_timestamp": "2026-07-05T19:37:23.534111Z"}, {"uuid": "9d2c1318-0568-4b9b-b120-ab2a99198c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46457", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwdt4a3tg2f", "content": "CVE-2026-46457: Apache Camel: Camel-NATS: Inbound NATS message headers are mapped into the Exchange without a configured HeaderFilterStrategy, allowing a client that can publish to the subject to inject Camel control headers", "creation_timestamp": "2026-07-05T19:48:48.997348Z"}, {"uuid": "3cba4f8d-ed6f-44f2-9fb5-f12c9b2c8d27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46453", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwe42o2eu25", "content": "CVE-2026-46453: Apache Camel: Camel-Elasticsearch-Rest-Client: Exchange header constants without the Camel prefix bypass inbound HTTP header filtering, allowing untrusted clients to override the Elasticsearch query and operation", "creation_timestamp": "2026-07-05T19:53:47.812970Z"}, {"uuid": "c4e9608d-d802-4143-a694-1f0bb6038061", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46456", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwewxwxll2f", "content": "CVE-2026-46456: Apache Camel: Camel-AWS2-SQS: Inbound message attributes are mapped into the Exchange without an inbound HeaderFilterStrategy, allowing a message sender to inject Camel control headers", "creation_timestamp": "2026-07-05T20:08:50.397841Z"}, {"uuid": "539db8f8-2dd3-4d46-9b47-b383a3469ee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46454", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpypo5e3fk2s", "content": "CVE-2026-46454 - apache camel\nApache Camel's CometD component doesn't check incoming messages for security. This allows unauthenticated clients to inject custom headers that can affect how the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachecamel #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-06T18:26:04.940886Z"}, {"uuid": "949fe04d-2b37-4bab-ab77-d3c277e6feaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46455", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpywepxbu62k", "content": "CVE-2026-46455 - apache camel\nApache Camel's Keycloak component fails to verify access token expiration dates, allowing expired tokens to be accepted. This issue affects Apache Camel versions\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachecamel #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-06T20:26:06.419098Z"}, {"uuid": "e433cae0-e65d-4b12-8042-b45078d7afc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46456", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpywerckq62b", "content": "CVE-2026-46456 - apache camel\nApache Camel's SQS component allows malicious users to inject custom headers into messages. This could be exploited by attackers to manipulate the behavior of\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachecamel #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-06T20:26:08.615083Z"}, {"uuid": "6880987f-b389-4bef-95a3-3d08670bb74e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46457", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6oqxhexg2z", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-46457 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Apache Camel NATS: \u0443\u0433\u0440\u043e\u0437\u0430 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/366AD55A-FB88-4003-8540-F7FF4DC3D508", "creation_timestamp": "2026-07-09T03:25:44.522104Z"}, {"uuid": "27f90899-7d47-4b04-99b2-7b27959ac2b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46455", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6pconfr52w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-46455 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Apache Camel Keycloak: \u0443\u0433\u0440\u043e\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u0437\u0430\u0432\u0435\u0440\u0448\u0435\u043d\u0438\u044f \u0441\u0435\u0430\u043d\u0441\u043e\u0432\n\n\n\nhttps://kripta.biz/posts/935A1812-F2FB-462A-8605-62E508A077FE", "creation_timestamp": "2026-07-09T03:35:38.555621Z"}, {"uuid": "582cb84a-1c21-499e-b052-6962da164abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46456", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6pdgalku2e", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-46456 \u0432 Apache Camel AWS2-SQS: \u0443\u0433\u0440\u043e\u0437\u0430 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/0DA5AF62-7C71-4EE1-AFE6-12E81B4C4384", "creation_timestamp": "2026-07-09T03:36:04.417291Z"}, {"uuid": "f2dad4d0-9a49-4976-9160-d9cd54e6ca73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46453", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6pg5uv3f2w", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-46453: \u041e\u0431\u0445\u043e\u0434 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0435 \u043a\u043b\u044e\u0447\u0438 \u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u0434\u043b\u044f \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\n\nhttps://kripta.biz/posts/EEAB564C-D4F0-4790-B135-304604734F1F", "creation_timestamp": "2026-07-09T03:37:35.158081Z"}, {"uuid": "ec6ebacd-bd93-4d61-9c45-0498077ad61f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46454", "type": "seen", "source": "https://bsky.app/profile/kriptabiz.bsky.social/post/3mq6pgnvwbd2f", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2026-46454 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Apache Camel Cometd: \u0443\u0433\u0440\u043e\u0437\u0430 \u0438 \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u0437\u0430\u0449\u0438\u0442\u044b\n\n\n\nhttps://kripta.biz/posts/968BE81B-7086-4A8D-BDCD-1B1A122E9771", "creation_timestamp": "2026-07-09T03:37:51.867022Z"}, {"uuid": "8bd9beac-a5ff-4277-901c-cebdba7fba56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46454", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mq6ugb4t7n2m", "content": "\ud83d\udccc CVE-2026-46454 - Improper Input Validation vulnerability in Apache Camel Cometd Component.\n\nThe camel-cometd component maps inbound Bayeux (CometD) message headers int... https://www.cyberhub.blog/cves/CVE-2026-46454", "creation_timestamp": "2026-07-09T05:07:07.562711Z"}, {"uuid": "d89e3e11-9765-4a3a-b8c7-1ee791db8ba8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46455", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mq6w3vdfrp23", "content": "\ud83d\udccc CVE-2026-46455 - Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component.\n\nThe camel-keycloak security helper KeycloakSecurityHelper.parseAndV... https://www.cyberhub.blog/cves/CVE-2026-46455", "creation_timestamp": "2026-07-09T05:37:06.966940Z"}, {"uuid": "30fa5bc5-4107-4a7c-8119-e0f72f32a930", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46456", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mq6xrjrva62f", "content": "\ud83d\udccc CVE-2026-46456 - Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component.\n\n\nThe camel-aws2-sqs component map inbound message attributes into the Cam... https://www.cyberhub.blog/cves/CVE-2026-46456", "creation_timestamp": "2026-07-09T06:07:06.834632Z"}]}