Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-46585 (GCVE-0-2026-46585)
Vulnerability from cvelistv5 – Published: 2026-07-06 08:03 – Updated: 2026-07-06 19:24| URL | Tags |
|---|---|
| https://camel.apache.org/security/CVE-2026-46585.html | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2026/0… |
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Camel Lucene |
Affected:
4.0.0 , < 4.14.8
(semver)
Affected: 4.15.0 , < 4.18.3 (semver) Affected: 4.19.0 , < 4.21.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-07-06T09:25:20.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/07/05/12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-46585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:24:25.722933Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T19:24:45.975Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.camel:camel-lucene",
"product": "Apache Camel Lucene",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.14.8",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "4.18.3",
"status": "affected",
"version": "4.15.0",
"versionType": "semver"
},
{
"lessThan": "4.21.0",
"status": "affected",
"version": "4.19.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yu Bao from Paypal"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andrea Cosentino"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.\u003c/p\u003eThe camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route\u0027s intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated.\u003cbr\u003e\u003cp\u003eThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader(\u0027QUERY\u0027) and removeHeader(\u0027RETURN_LUCENE_DOCS\u0027), then setHeader(\u0027QUERY\u0027, constant(...)) at the start of the route).\u003c/p\u003e"
}
],
"value": "Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.\n\nThe camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route\u0027s intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader(\u0027QUERY\u0027) and removeHeader(\u0027RETURN_LUCENE_DOCS\u0027), then setHeader(\u0027QUERY\u0027, constant(...)) at the start of the route)."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T08:03:16.498Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://camel.apache.org/security/CVE-2026-46585.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Camel Lucene: The query control headers used non-Camel-prefixed names (QUERY, RETURN_LUCENE_DOCS) that bypass the HTTP header filter, allowing an HTTP client to inject the full-text search query",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-46585",
"datePublished": "2026-07-06T08:03:16.498Z",
"dateReserved": "2026-05-15T07:54:48.302Z",
"dateUpdated": "2026-07-06T19:24:45.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-46585",
"date": "2026-07-06",
"epss": "0.00161",
"percentile": "0.05657"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-46585\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-07-06T09:16:37.030\",\"lastModified\":\"2026-07-06T20:16:34.833\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.\\n\\nThe camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route\u0027s intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated.\\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\\n\\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader(\u0027QUERY\u0027) and removeHeader(\u0027RETURN_LUCENE_DOCS\u0027), then setHeader(\u0027QUERY\u0027, constant(...)) at the start of the route).\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Camel Lucene\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.maven.apache.org/maven2\",\"packageName\":\"org.apache.camel:camel-lucene\",\"versions\":[{\"version\":\"4.0.0\",\"lessThan\":\"4.14.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.15.0\",\"lessThan\":\"4.18.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.19.0\",\"lessThan\":\"4.21.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-06T19:24:25.722933Z\",\"id\":\"CVE-2026-46585\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"references\":[{\"url\":\"https://camel.apache.org/security/CVE-2026-46585.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/07/05/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/07/05/12\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-07-06T09:25:20.474Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-46585\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-06T19:24:25.722933Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-06T19:24:42.444Z\"}}], \"cna\": {\"title\": \"Apache Camel Lucene: The query control headers used non-Camel-prefixed names (QUERY, RETURN_LUCENE_DOCS) that bypass the HTTP header filter, allowing an HTTP client to inject the full-text search query\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Yu Bao from Paypal\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Andrea Cosentino\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Camel Lucene\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.14.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.15.0\", \"lessThan\": \"4.18.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.19.0\", \"lessThan\": \"4.21.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.camel:camel-lucene\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://camel.apache.org/security/CVE-2026-46585.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.\\n\\nThe camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route\u0027s intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated.\\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\\n\\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader(\u0027QUERY\u0027) and removeHeader(\u0027RETURN_LUCENE_DOCS\u0027), then setHeader(\u0027QUERY\u0027, constant(...)) at the start of the route).\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.\u003c/p\u003eThe camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route\u0027s intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated.\u003cbr\u003e\u003cp\u003eThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader(\u0027QUERY\u0027) and removeHeader(\u0027RETURN_LUCENE_DOCS\u0027), then setHeader(\u0027QUERY\u0027, constant(...)) at the start of the route).\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-639\", \"description\": \"CWE-639 Authorization Bypass Through User-Controlled Key\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-07-06T08:03:16.498Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-46585\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-06T19:24:45.975Z\", \"dateReserved\": \"2026-05-15T07:54:48.302Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-07-06T08:03:16.498Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-46585
Vulnerability from fkie_nvd - Published: 2026-07-06 09:16 - Updated: 2026-07-06 20:16| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.camel:camel-lucene",
"product": "Apache Camel Lucene",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.14.8",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "4.18.3",
"status": "affected",
"version": "4.15.0",
"versionType": "semver"
},
{
"lessThan": "4.21.0",
"status": "affected",
"version": "4.19.0",
"versionType": "semver"
}
]
}
],
"source": "security@apache.org"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.\n\nThe camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route\u0027s intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader(\u0027QUERY\u0027) and removeHeader(\u0027RETURN_LUCENE_DOCS\u0027), then setHeader(\u0027QUERY\u0027, constant(...)) at the start of the route)."
}
],
"id": "CVE-2026-46585",
"lastModified": "2026-07-06T20:16:34.833",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-46585",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:24:25.722933Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-07-06T09:16:37.030",
"references": [
{
"source": "security@apache.org",
"url": "https://camel.apache.org/security/CVE-2026-46585.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2026/07/05/12"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-566H-V38H-3XP3
Vulnerability from github – Published: 2026-07-06 09:30 – Updated: 2026-07-06 21:30Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.
The camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route's intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.
Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader('QUERY') and removeHeader('RETURN_LUCENE_DOCS'), then setHeader('QUERY', constant(...)) at the start of the route).
{
"affected": [],
"aliases": [
"CVE-2026-46585"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-06T09:16:37Z",
"severity": "HIGH"
},
"details": "Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component.\n\nThe camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route\u0027s intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader(\u0027QUERY\u0027) and removeHeader(\u0027RETURN_LUCENE_DOCS\u0027), then setHeader(\u0027QUERY\u0027, constant(...)) at the start of the route).",
"id": "GHSA-566h-v38h-3xp3",
"modified": "2026-07-06T21:30:36Z",
"published": "2026-07-06T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46585"
},
{
"type": "WEB",
"url": "https://camel.apache.org/security/CVE-2026-46585.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/05/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-2203
Vulnerability from csaf_certbund - Published: 2026-07-05 22:00 - Updated: 2026-07-06 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apache Camel ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, serverseitige Request-Forgery durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-2203 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2203.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-2203 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2203"
},
{
"category": "external",
"summary": "Apache Camel Security Information vom 2026-07-05",
"url": "https://camel.apache.org/security/"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-40047.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-40859.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-43865.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-43866.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46453.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46454.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46455.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46456.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46457.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46584.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46585.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46590.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46591.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46592.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46726.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48203.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48204.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48205.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48206.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49086.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49097.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49098.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49099.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49365.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-53913.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-55993.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-55994.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-56139.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-56140.html"
}
],
"source_lang": "en-US",
"title": "Apache Camel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-07-06T22:00:00.000+00:00",
"generator": {
"date": "2026-07-07T07:46:44.546+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-2203",
"initial_release_date": "2026-07-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-07-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-07-06T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.18.3",
"product": {
"name": "Apache Camel \u003c4.18.3",
"product_id": "T056164"
}
},
{
"category": "product_version",
"name": "4.18.3",
"product": {
"name": "Apache Camel 4.18.3",
"product_id": "T056164-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.18.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.21.0",
"product": {
"name": "Apache Camel \u003c4.21.0",
"product_id": "T056165"
}
},
{
"category": "product_version",
"name": "4.21.0",
"product": {
"name": "Apache Camel 4.21.0",
"product_id": "T056165-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.21.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.14.8",
"product": {
"name": "Apache Camel \u003c4.14.8",
"product_id": "T056166"
}
},
{
"category": "product_version",
"name": "4.14.8",
"product": {
"name": "Apache Camel 4.14.8",
"product_id": "T056166-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.14.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.20.0",
"product": {
"name": "Apache Camel \u003c4.20.0",
"product_id": "T056168"
}
},
{
"category": "product_version",
"name": "4.20.0",
"product": {
"name": "Apache Camel 4.20.0",
"product_id": "T056168-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.20.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.19.0",
"product": {
"name": "Apache Camel \u003c4.19.0",
"product_id": "T056169"
}
},
{
"category": "product_version",
"name": "4.19.0",
"product": {
"name": "Apache Camel 4.19.0",
"product_id": "T056169-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.19.0"
}
}
}
],
"category": "product_name",
"name": "Camel"
}
],
"category": "vendor",
"name": "Apache"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40047",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-40047"
},
{
"cve": "CVE-2026-40859",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-40859"
},
{
"cve": "CVE-2026-43865",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-43865"
},
{
"cve": "CVE-2026-43866",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-43866"
},
{
"cve": "CVE-2026-43867",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-43867"
},
{
"cve": "CVE-2026-46453",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46453"
},
{
"cve": "CVE-2026-46454",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46454"
},
{
"cve": "CVE-2026-46455",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46455"
},
{
"cve": "CVE-2026-46456",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46456"
},
{
"cve": "CVE-2026-46457",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46457"
},
{
"cve": "CVE-2026-46584",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46584"
},
{
"cve": "CVE-2026-46585",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46585"
},
{
"cve": "CVE-2026-46587",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46587"
},
{
"cve": "CVE-2026-46588",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46588"
},
{
"cve": "CVE-2026-46590",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46590"
},
{
"cve": "CVE-2026-46591",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46591"
},
{
"cve": "CVE-2026-46592",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46592"
},
{
"cve": "CVE-2026-46726",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46726"
},
{
"cve": "CVE-2026-48203",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48203"
},
{
"cve": "CVE-2026-48204",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48204"
},
{
"cve": "CVE-2026-48205",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48205"
},
{
"cve": "CVE-2026-48206",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48206"
},
{
"cve": "CVE-2026-49042",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49042"
},
{
"cve": "CVE-2026-49086",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49086"
},
{
"cve": "CVE-2026-49097",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49097"
},
{
"cve": "CVE-2026-49098",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49098"
},
{
"cve": "CVE-2026-49099",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49099"
},
{
"cve": "CVE-2026-49365",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49365"
},
{
"cve": "CVE-2026-53913",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-53913"
},
{
"cve": "CVE-2026-55993",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-55993"
},
{
"cve": "CVE-2026-55994",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-55994"
},
{
"cve": "CVE-2026-56139",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-56139"
},
{
"cve": "CVE-2026-56140",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-56140"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.