Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-48203 (GCVE-0-2026-48203)
Vulnerability from cvelistv5 – Published: 2026-07-06 08:06 – Updated: 2026-07-06 19:17| URL | Tags |
|---|---|
| http://camel.apache.org/security/CVE-2026-48203.html | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2026/0… |
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Camel |
Affected:
4.0.0 , < 4.14.8
(semver)
Affected: 4.15.0 , < 4.18.3 (semver) Affected: 4.19.0 , < 4.21.0 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-07-06T09:25:27.765Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/07/05/17"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-48203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:17:14.778965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T19:17:53.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.camel:camel-solr",
"product": "Apache Camel",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.14.8",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "4.18.3",
"status": "affected",
"version": "4.15.0",
"versionType": "semver"
},
{
"lessThan": "4.21.0",
"status": "affected",
"version": "4.19.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yu Bao from Paypal"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Andrea Cosentino"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component.\u003c/p\u003eThe camel-solr producer copies Exchange message headers whose names begin with the SolrParam. prefix into the parameters of the Solr request, and headers whose names begin with the SolrField. prefix into the fields of the indexed Solr document. The prefix constants (SolrConstants.HEADER_PARAM_PREFIX / HEADER_FIELD_PREFIX) were the plain strings SolrParam. / SolrField.. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a solr: producer, any HTTP client could therefore set SolrParam.* headers to inject arbitrary Solr request parameters - including shards or stream.url, which cause the Solr server to issue server-side requests to an attacker-chosen URL (server-side request forgery, for example to an internal service or a cloud metadata endpoint), or qt to reach administrative request handlers - and set SolrField.* headers to inject arbitrary fields into indexed documents. No credentials are required when the bridging consumer is unauthenticated.\u003cbr\u003e\u003cp\u003eThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set Solr parameters or fields via the raw header prefixes must use CamelSolrParam. / CamelSolrField. instead of SolrParam. / SolrField.. For deployments that cannot upgrade immediately, strip the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and set the required Solr parameters and fields from a trusted source in the route.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component.\n\nThe camel-solr producer copies Exchange message headers whose names begin with the SolrParam. prefix into the parameters of the Solr request, and headers whose names begin with the SolrField. prefix into the fields of the indexed Solr document. The prefix constants (SolrConstants.HEADER_PARAM_PREFIX / HEADER_FIELD_PREFIX) were the plain strings SolrParam. / SolrField.. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a solr: producer, any HTTP client could therefore set SolrParam.* headers to inject arbitrary Solr request parameters - including shards or stream.url, which cause the Solr server to issue server-side requests to an attacker-chosen URL (server-side request forgery, for example to an internal service or a cloud metadata endpoint), or qt to reach administrative request handlers - and set SolrField.* headers to inject arbitrary fields into indexed documents. No credentials are required when the bridging consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set Solr parameters or fields via the raw header prefixes must use CamelSolrParam. / CamelSolrField. instead of SolrParam. / SolrField.. For deployments that cannot upgrade immediately, strip the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and set the required Solr parameters and fields from a trusted source in the route."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T08:06:22.592Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "http://camel.apache.org/security/CVE-2026-48203.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Camel: Camel-Solr: The SolrParam. and SolrField. Exchange header prefixes used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to inject Solr query parameters (server-side request forgery) and document fields",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2026-48203",
"datePublished": "2026-07-06T08:06:22.592Z",
"dateReserved": "2026-05-21T08:58:37.029Z",
"dateUpdated": "2026-07-06T19:17:53.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-48203",
"date": "2026-07-06",
"epss": "0.00185",
"percentile": "0.08327"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-48203\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2026-07-06T09:16:37.633\",\"lastModified\":\"2026-07-06T20:16:35.840\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component.\\n\\nThe camel-solr producer copies Exchange message headers whose names begin with the SolrParam. prefix into the parameters of the Solr request, and headers whose names begin with the SolrField. prefix into the fields of the indexed Solr document. The prefix constants (SolrConstants.HEADER_PARAM_PREFIX / HEADER_FIELD_PREFIX) were the plain strings SolrParam. / SolrField.. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a solr: producer, any HTTP client could therefore set SolrParam.* headers to inject arbitrary Solr request parameters - including shards or stream.url, which cause the Solr server to issue server-side requests to an attacker-chosen URL (server-side request forgery, for example to an internal service or a cloud metadata endpoint), or qt to reach administrative request handlers - and set SolrField.* headers to inject arbitrary fields into indexed documents. No credentials are required when the bridging consumer is unauthenticated.\\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\\n\\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set Solr parameters or fields via the raw header prefixes must use CamelSolrParam. / CamelSolrField. instead of SolrParam. / SolrField.. For deployments that cannot upgrade immediately, strip the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and set the required Solr parameters and fields from a trusted source in the route.\"}],\"affected\":[{\"source\":\"security@apache.org\",\"affectedData\":[{\"vendor\":\"Apache Software Foundation\",\"product\":\"Apache Camel\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://repo.maven.apache.org/maven2\",\"packageName\":\"org.apache.camel:camel-solr\",\"versions\":[{\"version\":\"4.0.0\",\"lessThan\":\"4.14.8\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.15.0\",\"lessThan\":\"4.18.3\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.19.0\",\"lessThan\":\"4.21.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-06T19:17:14.778965Z\",\"id\":\"CVE-2026-48203\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-74\"},{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"http://camel.apache.org/security/CVE-2026-48203.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/07/05/17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/07/05/17\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-07-06T09:25:27.765Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-48203\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-06T19:17:14.778965Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-07-06T19:17:47.348Z\"}}], \"cna\": {\"title\": \"Apache Camel: Camel-Solr: The SolrParam. and SolrField. Exchange header prefixes used non-Camel-prefixed names that bypass the HTTP header filter, allowing an HTTP client to inject Solr query parameters (server-side request forgery) and document fields\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Yu Bao from Paypal\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Andrea Cosentino\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Camel\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0.0\", \"lessThan\": \"4.14.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.15.0\", \"lessThan\": \"4.18.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.19.0\", \"lessThan\": \"4.21.0\", \"versionType\": \"semver\"}], \"packageName\": \"org.apache.camel:camel-solr\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"http://camel.apache.org/security/CVE-2026-48203.html\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component.\\n\\nThe camel-solr producer copies Exchange message headers whose names begin with the SolrParam. prefix into the parameters of the Solr request, and headers whose names begin with the SolrField. prefix into the fields of the indexed Solr document. The prefix constants (SolrConstants.HEADER_PARAM_PREFIX / HEADER_FIELD_PREFIX) were the plain strings SolrParam. / SolrField.. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a solr: producer, any HTTP client could therefore set SolrParam.* headers to inject arbitrary Solr request parameters - including shards or stream.url, which cause the Solr server to issue server-side requests to an attacker-chosen URL (server-side request forgery, for example to an internal service or a cloud metadata endpoint), or qt to reach administrative request handlers - and set SolrField.* headers to inject arbitrary fields into indexed documents. No credentials are required when the bridging consumer is unauthenticated.\\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\\n\\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set Solr parameters or fields via the raw header prefixes must use CamelSolrParam. / CamelSolrField. instead of SolrParam. / SolrField.. For deployments that cannot upgrade immediately, strip the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and set the required Solr parameters and fields from a trusted source in the route.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component.\u003c/p\u003eThe camel-solr producer copies Exchange message headers whose names begin with the SolrParam. prefix into the parameters of the Solr request, and headers whose names begin with the SolrField. prefix into the fields of the indexed Solr document. The prefix constants (SolrConstants.HEADER_PARAM_PREFIX / HEADER_FIELD_PREFIX) were the plain strings SolrParam. / SolrField.. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a solr: producer, any HTTP client could therefore set SolrParam.* headers to inject arbitrary Solr request parameters - including shards or stream.url, which cause the Solr server to issue server-side requests to an attacker-chosen URL (server-side request forgery, for example to an internal service or a cloud metadata endpoint), or qt to reach administrative request handlers - and set SolrField.* headers to inject arbitrary fields into indexed documents. No credentials are required when the bridging consumer is unauthenticated.\u003cbr\u003e\u003cp\u003eThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set Solr parameters or fields via the raw header prefixes must use CamelSolrParam. / CamelSolrField. instead of SolrParam. / SolrField.. For deployments that cannot upgrade immediately, strip the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and set the required Solr parameters and fields from a trusted source in the route.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-74\", \"description\": \"CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper Input Validation\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918 Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2026-07-06T08:06:22.592Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-48203\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-06T19:17:53.635Z\", \"dateReserved\": \"2026-05-21T08:58:37.029Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2026-07-06T08:06:22.592Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-48203
Vulnerability from fkie_nvd - Published: 2026-07-06 09:16 - Updated: 2026-07-06 20:16| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.camel:camel-solr",
"product": "Apache Camel",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.14.8",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "4.18.3",
"status": "affected",
"version": "4.15.0",
"versionType": "semver"
},
{
"lessThan": "4.21.0",
"status": "affected",
"version": "4.19.0",
"versionType": "semver"
}
]
}
],
"source": "security@apache.org"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component.\n\nThe camel-solr producer copies Exchange message headers whose names begin with the SolrParam. prefix into the parameters of the Solr request, and headers whose names begin with the SolrField. prefix into the fields of the indexed Solr document. The prefix constants (SolrConstants.HEADER_PARAM_PREFIX / HEADER_FIELD_PREFIX) were the plain strings SolrParam. / SolrField.. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a solr: producer, any HTTP client could therefore set SolrParam.* headers to inject arbitrary Solr request parameters - including shards or stream.url, which cause the Solr server to issue server-side requests to an attacker-chosen URL (server-side request forgery, for example to an internal service or a cloud metadata endpoint), or qt to reach administrative request handlers - and set SolrField.* headers to inject arbitrary fields into indexed documents. No credentials are required when the bridging consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set Solr parameters or fields via the raw header prefixes must use CamelSolrParam. / CamelSolrField. instead of SolrParam. / SolrField.. For deployments that cannot upgrade immediately, strip the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and set the required Solr parameters and fields from a trusted source in the route."
}
],
"id": "CVE-2026-48203",
"lastModified": "2026-07-06T20:16:35.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-48203",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T19:17:14.778965Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-07-06T09:16:37.633",
"references": [
{
"source": "security@apache.org",
"url": "http://camel.apache.org/security/CVE-2026-48203.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2026/07/05/17"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
GHSA-4H4F-V54Q-7PQ8
Vulnerability from github – Published: 2026-07-06 09:30 – Updated: 2026-07-06 21:30Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component.
The camel-solr producer copies Exchange message headers whose names begin with the SolrParam. prefix into the parameters of the Solr request, and headers whose names begin with the SolrField. prefix into the fields of the indexed Solr document. The prefix constants (SolrConstants.HEADER_PARAM_PREFIX / HEADER_FIELD_PREFIX) were the plain strings SolrParam. / SolrField.. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a solr: producer, any HTTP client could therefore set SolrParam. headers to inject arbitrary Solr request parameters - including shards or stream.url, which cause the Solr server to issue server-side requests to an attacker-chosen URL (server-side request forgery, for example to an internal service or a cloud metadata endpoint), or qt to reach administrative request handlers - and set SolrField. headers to inject arbitrary fields into indexed documents. No credentials are required when the bridging consumer is unauthenticated. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.
Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set Solr parameters or fields via the raw header prefixes must use CamelSolrParam. / CamelSolrField. instead of SolrParam. / SolrField.. For deployments that cannot upgrade immediately, strip the SolrParam. and SolrField. headers from any untrusted ingress before the solr: producer, and set the required Solr parameters and fields from a trusted source in the route.
{
"affected": [],
"aliases": [
"CVE-2026-48203"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-06T09:16:37Z",
"severity": "CRITICAL"
},
"details": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component.\n\nThe camel-solr producer copies Exchange message headers whose names begin with the SolrParam. prefix into the parameters of the Solr request, and headers whose names begin with the SolrField. prefix into the fields of the indexed Solr document. The prefix constants (SolrConstants.HEADER_PARAM_PREFIX / HEADER_FIELD_PREFIX) were the plain strings SolrParam. / SolrField.. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a solr: producer, any HTTP client could therefore set SolrParam.* headers to inject arbitrary Solr request parameters - including shards or stream.url, which cause the Solr server to issue server-side requests to an attacker-chosen URL (server-side request forgery, for example to an internal service or a cloud metadata endpoint), or qt to reach administrative request handlers - and set SolrField.* headers to inject arbitrary fields into indexed documents. No credentials are required when the bridging consumer is unauthenticated.\nThis issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.\n\nUsers are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set Solr parameters or fields via the raw header prefixes must use CamelSolrParam. / CamelSolrField. instead of SolrParam. / SolrField.. For deployments that cannot upgrade immediately, strip the SolrParam.* and SolrField.* headers from any untrusted ingress before the solr: producer, and set the required Solr parameters and fields from a trusted source in the route.",
"id": "GHSA-4h4f-v54q-7pq8",
"modified": "2026-07-06T21:30:36Z",
"published": "2026-07-06T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48203"
},
{
"type": "WEB",
"url": "http://camel.apache.org/security/CVE-2026-48203.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/07/05/17"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-2203
Vulnerability from csaf_certbund - Published: 2026-07-05 22:00 - Updated: 2026-07-06 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apache Camel <4.18.3
Apache / Camel
|
<4.18.3 | ||
|
Apache Camel <4.21.0
Apache / Camel
|
<4.21.0 | ||
|
Apache Camel <4.14.8
Apache / Camel
|
<4.14.8 | ||
|
Apache Camel <4.20.0
Apache / Camel
|
<4.20.0 | ||
|
Apache Camel <4.19.0
Apache / Camel
|
<4.19.0 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apache Camel ist ein Integrations-Framework, das Enterprise Integration Patterns implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Apache Camel ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, serverseitige Request-Forgery durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-2203 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2203.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-2203 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2203"
},
{
"category": "external",
"summary": "Apache Camel Security Information vom 2026-07-05",
"url": "https://camel.apache.org/security/"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-40047.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-40859.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-43865.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-43866.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46453.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46454.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46455.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46456.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46457.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46584.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46585.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46590.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46591.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46592.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-46726.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48203.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48204.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48205.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-48206.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49086.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49097.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49098.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49099.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-49365.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-53913.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-55993.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-55994.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-56139.html"
},
{
"category": "external",
"summary": "Apache Camel Security Advisory vom 2026-07-05",
"url": "https://camel.apache.org/security/CVE-2026-56140.html"
}
],
"source_lang": "en-US",
"title": "Apache Camel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-07-06T22:00:00.000+00:00",
"generator": {
"date": "2026-07-07T07:46:44.546+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-2203",
"initial_release_date": "2026-07-05T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-07-05T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-07-06T22:00:00.000+00:00",
"number": "2",
"summary": "CVE-Nummern erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.18.3",
"product": {
"name": "Apache Camel \u003c4.18.3",
"product_id": "T056164"
}
},
{
"category": "product_version",
"name": "4.18.3",
"product": {
"name": "Apache Camel 4.18.3",
"product_id": "T056164-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.18.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.21.0",
"product": {
"name": "Apache Camel \u003c4.21.0",
"product_id": "T056165"
}
},
{
"category": "product_version",
"name": "4.21.0",
"product": {
"name": "Apache Camel 4.21.0",
"product_id": "T056165-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.21.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.14.8",
"product": {
"name": "Apache Camel \u003c4.14.8",
"product_id": "T056166"
}
},
{
"category": "product_version",
"name": "4.14.8",
"product": {
"name": "Apache Camel 4.14.8",
"product_id": "T056166-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.14.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.20.0",
"product": {
"name": "Apache Camel \u003c4.20.0",
"product_id": "T056168"
}
},
{
"category": "product_version",
"name": "4.20.0",
"product": {
"name": "Apache Camel 4.20.0",
"product_id": "T056168-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.20.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.19.0",
"product": {
"name": "Apache Camel \u003c4.19.0",
"product_id": "T056169"
}
},
{
"category": "product_version",
"name": "4.19.0",
"product": {
"name": "Apache Camel 4.19.0",
"product_id": "T056169-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:apache:camel:4.19.0"
}
}
}
],
"category": "product_name",
"name": "Camel"
}
],
"category": "vendor",
"name": "Apache"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-40047",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-40047"
},
{
"cve": "CVE-2026-40859",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-40859"
},
{
"cve": "CVE-2026-43865",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-43865"
},
{
"cve": "CVE-2026-43866",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-43866"
},
{
"cve": "CVE-2026-43867",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-43867"
},
{
"cve": "CVE-2026-46453",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46453"
},
{
"cve": "CVE-2026-46454",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46454"
},
{
"cve": "CVE-2026-46455",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46455"
},
{
"cve": "CVE-2026-46456",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46456"
},
{
"cve": "CVE-2026-46457",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46457"
},
{
"cve": "CVE-2026-46584",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46584"
},
{
"cve": "CVE-2026-46585",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46585"
},
{
"cve": "CVE-2026-46587",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46587"
},
{
"cve": "CVE-2026-46588",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46588"
},
{
"cve": "CVE-2026-46590",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46590"
},
{
"cve": "CVE-2026-46591",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46591"
},
{
"cve": "CVE-2026-46592",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46592"
},
{
"cve": "CVE-2026-46726",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-46726"
},
{
"cve": "CVE-2026-48203",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48203"
},
{
"cve": "CVE-2026-48204",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48204"
},
{
"cve": "CVE-2026-48205",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48205"
},
{
"cve": "CVE-2026-48206",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-48206"
},
{
"cve": "CVE-2026-49042",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49042"
},
{
"cve": "CVE-2026-49086",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49086"
},
{
"cve": "CVE-2026-49097",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49097"
},
{
"cve": "CVE-2026-49098",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49098"
},
{
"cve": "CVE-2026-49099",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49099"
},
{
"cve": "CVE-2026-49365",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-49365"
},
{
"cve": "CVE-2026-53913",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-53913"
},
{
"cve": "CVE-2026-55993",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-55993"
},
{
"cve": "CVE-2026-55994",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-55994"
},
{
"cve": "CVE-2026-56139",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-56139"
},
{
"cve": "CVE-2026-56140",
"product_status": {
"known_affected": [
"T056164",
"T056165",
"T056166",
"T056168",
"T056169"
]
},
"release_date": "2026-07-05T22:00:00.000+00:00",
"title": "CVE-2026-56140"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.