{"vulnerability": "CVE-2026-53913", "sightings": [{"uuid": "f569d979-7748-4816-a0c7-bffbfadab314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwhr67bwy2o", "content": "CVE-2026-53913: Apache Camel: Camel-Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration (no required roles or permissions) the token is never verified and any non-null bearer value is accepted - a", "creation_timestamp": "2026-07-05T20:59:16.938386Z"}, {"uuid": "44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53913", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpy24owhaq2i", "content": "CRITICAL: Apache Camel Keycloak improper authentication (CVE-2026-53913) lets attackers bypass auth &amp; gain access in default configs. Upgrade to 4.21.0/4.18.3 or fix policy settings. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #Apach...", "creation_timestamp": "2026-07-06T12:00:30.754195Z"}, {"uuid": "774d8fb4-e59f-4e9b-83e0-e612d7c455b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53913", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116872919680337020", "content": "CVE-2026-53913 | CRITICAL | Apache Camel Keycloak: Default KeycloakSecurityPolicy skips token verification, enabling unauthenticated access and possible RCE on 4.15.0 \u2013 4.18.2 &amp; 4.19.0 \u2013 4.20.x. Upgrade to 4.21.0/4.18.3. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #ApacheCamel #CVE202653913", "creation_timestamp": "2026-07-06T12:00:29.420516Z"}, {"uuid": "d5d68964-bd47-4f9c-a07c-be144341d3d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy2hxlw5o2w", "content": "CVE-2026-53913 - Apache Camel Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration the token is never verified and any non-null bearer value is accepted\nCVE ID : CVE-2026-53913\n \n Publishe...", "creation_timestamp": "2026-07-06T12:06:48.802068Z"}, {"uuid": "37b24005-93e4-4784-b009-b5dbfa00dd7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq2olleolc2s", "content": "CVE-2026-53913 - apache camel keycloak\nIn the default configuration of Apache Camel Keycloak, access tokens are not verified, allowing any non-null value in the Authorization: Bearer header to pass. This\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-07T13:12:04.326285Z"}]}