Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-46454 (GCVE-0-2026-46454)
Vulnerability from cvelistv5 – Published: 2026-07-06 07:56 – Updated: 2026-07-06 17:41- CWE-20 - Improper Input Validation
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Camel |
Affected:
4.0.0 , < 4.14.8
(semver)
Affected: 4.15.0 , < 4.18.3 (semver) Affected: 4.19.0 , < 4.21.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-07-06T09:25:11.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/07/05/7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-46454",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T17:41:16.224857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T17:41:19.974Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.camel:camel-cometd",
"product": "Apache Camel",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.14.8",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "4.18.3",
"status": "affected",
"version": "4.15.0",
"versionType": "semver"
},
{
"lessThan": "4.21.0",
"status": "affected",
"version": "4.19.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yu Bao from Paypal"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Input Validation vulnerability in Apache Camel Cometd Component.\u003c/p\u003eThe camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplied by the CometD client directly onto the Camel message (message.setHeaders), so any header name - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName - is accepted unmodified. Because a CometdComponent installs no Bayeux SecurityPolicy by default, any client that can complete the Bayeux handshake against the CometD endpoint can publish such a message without authentication. An attacker can therefore inject arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a JMS destination); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses.\u003cbr\u003e\u003cp\u003eThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix implements a HeaderFilterStrategy in the camel-cometd binding (a long-standing TODO in the code) that filters the Camel header namespace case-insensitively on inbound mapping, so client-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound CometD messages before they reach any downstream producer (for example removeHeaders(\u0027Camel*\u0027) and removeHeaders(\u0027camel*\u0027) at the start of the route), and install an explicit Bayeux SecurityPolicy on the CometdComponent so that only authenticated clients can publish.\u003c/p\u003e"
}
],
"value": "Improper Input Validation vulnerability in Apache Camel Cometd Component.\n\nThe camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplied by the CometD client directly onto the Camel message (message.setHeaders), so any header name - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName - is accepted unmodified. Because a CometdComponent installs no Bayeux SecurityPolicy by default, any client that can complete the Bayeux handshake against the CometD endpoint can publish such a message without authentication. An attacker can therefore inject arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a JMS destination); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix implements a HeaderFilterStrategy in the camel-cometd binding (a long-standing TODO in the code) that filters the Camel header namespace case-insensitively on inbound mapping, so client-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound CometD messages before they reach any downstream producer (for example removeHeaders(\u0027Camel*\u0027) and removeHeaders(\u0027camel*\u0027) at the start of the route), and install an explicit Bayeux SecurityPolicy on the CometdComponent so that only authenticated clients can publish."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T07:56:14.036Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://camel.apache.org/security/CVE-2026-46454.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-46454",
"datePublished": "2026-07-06T07:56:14.036Z",
"dateReserved": "2026-05-14T08:45:22.737Z",
"dateUpdated": "2026-07-06T17:41:19.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-46454",
"date": "2026-07-06",
"epss": "0.00195",
"percentile": "0.0936"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-46454\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-07-06T09:16:36.457\",\"lastModified\":\"2026-07-06T19:17:04.727\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation vulnerability in Apache Camel Cometd Component.\\n\\nThe camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplied by the CometD client directly onto the Camel message (message.setHeaders), so any header name - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName - is accepted unmodified. Because a CometdComponent installs no Bayeux SecurityPolicy by default, any client that can complete the Bayeux handshake against the CometD endpoint can publish such a message without authentication. An attacker can therefore inject arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a JMS destination); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses.\\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\\n\\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix implements a HeaderFilterStrategy in the camel-cometd binding (a long-standing TODO in the code) that filters the Camel header namespace case-insensitively on inbound mapping, so client-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound CometD messages before they reach any downstream producer (for example removeHeaders(\u0027Camel*\u0027) and removeHeaders(\u0027camel*\u0027) at the start of the route), and install an explicit Bayeux SecurityPolicy on the CometdComponent so that only authenticated clients can publish.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Camel\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.maven.apache.org/maven2\",\"packageName\":\"org.apache.camel:camel-cometd\",\"versions\":[{\"version\":\"4.0.0\",\"lessThan\":\"4.14.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.15.0\",\"lessThan\":\"4.18.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.19.0\",\"lessThan\":\"4.21.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-06T17:41:16.224857Z\",\"id\":\"CVE-2026-46454\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://camel.apache.org/security/CVE-2026-46454.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/07/05/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/07/05/7\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-07-06T09:25:11.555Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-46454\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-06T17:41:16.224857Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-06T17:41:10.958Z\"}}], \"cna\": {\"title\": \"Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Yu Bao from Paypal\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Camel\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.14.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.15.0\", \"lessThan\": \"4.18.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.19.0\", \"lessThan\": \"4.21.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.camel:camel-cometd\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://camel.apache.org/security/CVE-2026-46454.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Input Validation vulnerability in Apache Camel Cometd Component.\\n\\nThe camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplied by the CometD client directly onto the Camel message (message.setHeaders), so any header name - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName - is accepted unmodified. Because a CometdComponent installs no Bayeux SecurityPolicy by default, any client that can complete the Bayeux handshake against the CometD endpoint can publish such a message without authentication. An attacker can therefore inject arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a JMS destination); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses.\\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\\n\\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix implements a HeaderFilterStrategy in the camel-cometd binding (a long-standing TODO in the code) that filters the Camel header namespace case-insensitively on inbound mapping, so client-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound CometD messages before they reach any downstream producer (for example removeHeaders(\u0027Camel*\u0027) and removeHeaders(\u0027camel*\u0027) at the start of the route), and install an explicit Bayeux SecurityPolicy on the CometdComponent so that only authenticated clients can publish.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Input Validation vulnerability in Apache Camel Cometd Component.\u003c/p\u003eThe camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplied by the CometD client directly onto the Camel message (message.setHeaders), so any header name - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName - is accepted unmodified. Because a CometdComponent installs no Bayeux SecurityPolicy by default, any client that can complete the Bayeux handshake against the CometD endpoint can publish such a message without authentication. An attacker can therefore inject arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a JMS destination); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses.\u003cbr\u003e\u003cp\u003eThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix implements a HeaderFilterStrategy in the camel-cometd binding (a long-standing TODO in the code) that filters the Camel header namespace case-insensitively on inbound mapping, so client-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound CometD messages before they reach any downstream producer (for example removeHeaders(\u0027Camel*\u0027) and removeHeaders(\u0027camel*\u0027) at the start of the route), and install an explicit Bayeux SecurityPolicy on the CometdComponent so that only authenticated clients can publish.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-07-06T07:56:14.036Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-46454\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-06T17:41:19.974Z\", \"dateReserved\": \"2026-05-14T08:45:22.737Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-07-06T07:56:14.036Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-46454
Vulnerability from fkie_nvd - Published: 2026-07-06 09:16 - Updated: 2026-07-06 19:17| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.camel:camel-cometd",
"product": "Apache Camel",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.14.8",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "4.18.3",
"status": "affected",
"version": "4.15.0",
"versionType": "semver"
},
{
"lessThan": "4.21.0",
"status": "affected",
"version": "4.19.0",
"versionType": "semver"
}
]
}
],
"source": "security@apache.org"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in Apache Camel Cometd Component.\n\nThe camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplied by the CometD client directly onto the Camel message (message.setHeaders), so any header name - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName - is accepted unmodified. Because a CometdComponent installs no Bayeux SecurityPolicy by default, any client that can complete the Bayeux handshake against the CometD endpoint can publish such a message without authentication. An attacker can therefore inject arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a JMS destination); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix implements a HeaderFilterStrategy in the camel-cometd binding (a long-standing TODO in the code) that filters the Camel header namespace case-insensitively on inbound mapping, so client-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound CometD messages before they reach any downstream producer (for example removeHeaders(\u0027Camel*\u0027) and removeHeaders(\u0027camel*\u0027) at the start of the route), and install an explicit Bayeux SecurityPolicy on the CometdComponent so that only authenticated clients can publish."
}
],
"id": "CVE-2026-46454",
"lastModified": "2026-07-06T19:17:04.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-46454",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T17:41:16.224857Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-07-06T09:16:36.457",
"references": [
{
"source": "security@apache.org",
"url": "https://camel.apache.org/security/CVE-2026-46454.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2026/07/05/7"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-R9CC-J7WR-P329
Vulnerability from github – Published: 2026-07-06 09:30 – Updated: 2026-07-06 21:30Improper Input Validation vulnerability in Apache Camel Cometd Component.
The camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplied by the CometD client directly onto the Camel message (message.setHeaders), so any header name - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName - is accepted unmodified. Because a CometdComponent installs no Bayeux SecurityPolicy by default, any client that can complete the Bayeux handshake against the CometD endpoint can publish such a message without authentication. An attacker can therefore inject arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a JMS destination); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.
Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix implements a HeaderFilterStrategy in the camel-cometd binding (a long-standing TODO in the code) that filters the Camel header namespace case-insensitively on inbound mapping, so client-supplied Camel / camel headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound CometD messages before they reach any downstream producer (for example removeHeaders('Camel') and removeHeaders('camel') at the start of the route), and install an explicit Bayeux SecurityPolicy on the CometdComponent so that only authenticated clients can publish.
{
"affected": [],
"aliases": [
"CVE-2026-46454"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-06T09:16:36Z",
"severity": "CRITICAL"
},
"details": "Improper Input Validation vulnerability in Apache Camel Cometd Component.\n\nThe camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMessage copies the entire ext.CamelHeaders map supplied by the CometD client directly onto the Camel message (message.setHeaders), so any header name - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelJmsDestinationName - is accepted unmodified. Because a CometdComponent installs no Bayeux SecurityPolicy by default, any client that can complete the Bayeux handshake against the CometD endpoint can publish such a message without authentication. An attacker can therefore inject arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a JMS destination); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix implements a HeaderFilterStrategy in the camel-cometd binding (a long-standing TODO in the code) that filters the Camel header namespace case-insensitively on inbound mapping, so client-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound CometD messages before they reach any downstream producer (for example removeHeaders(\u0027Camel*\u0027) and removeHeaders(\u0027camel*\u0027) at the start of the route), and install an explicit Bayeux SecurityPolicy on the CometdComponent so that only authenticated clients can publish.",
"id": "GHSA-r9cc-j7wr-p329",
"modified": "2026-07-06T21:30:36Z",
"published": "2026-07-06T09:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46454"
},
{
"type": "WEB",
"url": "https://camel.apache.org/security/CVE-2026-46454.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/05/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-2203
Vulnerability from csaf_certbund - Published: 2026-07-05 22:00 - Updated: 2026-07-06 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apache Camel ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, serverseitige Request-Forgery durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-2203 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2203.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-2203 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2203"
},
{
"category": "external",
"summary": "Apache Camel Security Information vom 2026-07-05",
"url": "https://camel.apache.org/security/"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-40047.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-40859.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-43865.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-43866.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46453.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46454.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46455.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46456.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46457.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46584.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46585.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46590.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46591.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46592.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46726.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48203.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48204.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48205.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48206.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49086.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49097.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49098.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49099.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49365.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-53913.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-55993.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-55994.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-56139.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-56140.html"
}
],
"source_lang": "en-US",
"title": "Apache Camel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-07-06T22:00:00.000+00:00",
"generator": {
"date": "2026-07-07T07:46:44.546+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-2203",
"initial_release_date": "2026-07-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-07-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-07-06T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.18.3",
"product": {
"name": "Apache Camel \u003c4.18.3",
"product_id": "T056164"
}
},
{
"category": "product_version",
"name": "4.18.3",
"product": {
"name": "Apache Camel 4.18.3",
"product_id": "T056164-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.18.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.21.0",
"product": {
"name": "Apache Camel \u003c4.21.0",
"product_id": "T056165"
}
},
{
"category": "product_version",
"name": "4.21.0",
"product": {
"name": "Apache Camel 4.21.0",
"product_id": "T056165-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.21.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.14.8",
"product": {
"name": "Apache Camel \u003c4.14.8",
"product_id": "T056166"
}
},
{
"category": "product_version",
"name": "4.14.8",
"product": {
"name": "Apache Camel 4.14.8",
"product_id": "T056166-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.14.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.20.0",
"product": {
"name": "Apache Camel \u003c4.20.0",
"product_id": "T056168"
}
},
{
"category": "product_version",
"name": "4.20.0",
"product": {
"name": "Apache Camel 4.20.0",
"product_id": "T056168-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.20.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.19.0",
"product": {
"name": "Apache Camel \u003c4.19.0",
"product_id": "T056169"
}
},
{
"category": "product_version",
"name": "4.19.0",
"product": {
"name": "Apache Camel 4.19.0",
"product_id": "T056169-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.19.0"
}
}
}
],
"category": "product_name",
"name": "Camel"
}
],
"category": "vendor",
"name": "Apache"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40047",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-40047"
},
{
"cve": "CVE-2026-40859",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-40859"
},
{
"cve": "CVE-2026-43865",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-43865"
},
{
"cve": "CVE-2026-43866",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-43866"
},
{
"cve": "CVE-2026-43867",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-43867"
},
{
"cve": "CVE-2026-46453",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46453"
},
{
"cve": "CVE-2026-46454",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46454"
},
{
"cve": "CVE-2026-46455",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46455"
},
{
"cve": "CVE-2026-46456",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46456"
},
{
"cve": "CVE-2026-46457",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46457"
},
{
"cve": "CVE-2026-46584",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46584"
},
{
"cve": "CVE-2026-46585",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46585"
},
{
"cve": "CVE-2026-46587",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46587"
},
{
"cve": "CVE-2026-46588",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46588"
},
{
"cve": "CVE-2026-46590",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46590"
},
{
"cve": "CVE-2026-46591",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46591"
},
{
"cve": "CVE-2026-46592",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46592"
},
{
"cve": "CVE-2026-46726",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46726"
},
{
"cve": "CVE-2026-48203",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48203"
},
{
"cve": "CVE-2026-48204",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48204"
},
{
"cve": "CVE-2026-48205",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48205"
},
{
"cve": "CVE-2026-48206",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48206"
},
{
"cve": "CVE-2026-49042",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49042"
},
{
"cve": "CVE-2026-49086",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49086"
},
{
"cve": "CVE-2026-49097",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49097"
},
{
"cve": "CVE-2026-49098",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49098"
},
{
"cve": "CVE-2026-49099",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49099"
},
{
"cve": "CVE-2026-49365",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49365"
},
{
"cve": "CVE-2026-53913",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-53913"
},
{
"cve": "CVE-2026-55993",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-55993"
},
{
"cve": "CVE-2026-55994",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-55994"
},
{
"cve": "CVE-2026-56139",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-56139"
},
{
"cve": "CVE-2026-56140",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-56140"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.