CVE-2026-46592
- EPSS 0.4%
- Veröffentlicht 06.07.2026 08:04:32
- Zuletzt bearbeitet 08.07.2026 14:54:24
Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName (and operat...
CVE-2026-46591
- EPSS 0.33%
- Veröffentlicht 06.07.2026 08:04:17
- Zuletzt bearbeitet 08.07.2026 15:05:01
Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties ma...
CVE-2026-46590
- EPSS 0.49%
- Veröffentlicht 06.07.2026 08:03:54
- Zuletzt bearbeitet 08.07.2026 15:05:34
Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsS...
CVE-2026-46585
- EPSS 0.4%
- Veröffentlicht 06.07.2026 08:03:16
- Zuletzt bearbeitet 08.07.2026 15:06:03
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the ...
CVE-2026-46584
- EPSS 0.38%
- Veröffentlicht 06.07.2026 08:02:37
- Zuletzt bearbeitet 08.07.2026 15:06:26
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer (MailProducer.getSender) scanned the outgoing Exchange for message headers in the mail.smtp. ...
CVE-2026-46457
- EPSS 0.42%
- Veröffentlicht 06.07.2026 07:57:13
- Zuletzt bearbeitet 08.07.2026 03:14:59
Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy to a bare new DefaultHeaderFilterStrategy() with no inb...
CVE-2026-46456
- EPSS 0.47%
- Veröffentlicht 06.07.2026 07:56:51
- Zuletzt bearbeitet 08.07.2026 03:15:11
Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured o...
CVE-2026-46455
- EPSS 0.41%
- Veröffentlicht 06.07.2026 07:56:29
- Zuletzt bearbeitet 08.07.2026 03:15:29
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) with only the subject-exists ...
CVE-2026-46454
- EPSS 0.49%
- Veröffentlicht 06.07.2026 07:56:14
- Zuletzt bearbeitet 08.07.2026 03:15:21
Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a HeaderFilterStrategy. CometdBinding.populateExchangeFromMess...
CVE-2026-46453
- EPSS 0.45%
- Veröffentlicht 06.07.2026 07:55:56
- Zuletzt bearbeitet 07.07.2026 23:30:09
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCH_QUERY...