CVE-2026-43865
- EPSS 0.8%
- Veröffentlicht 06.07.2026 07:55:26
- Zuletzt bearbeitet 07.07.2026 23:38:55
Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no Java deserialization filter. When Camel builds t...
CVE-2026-42527
- EPSS 0.55%
- Veröffentlicht 06.07.2026 07:55:06
- Zuletzt bearbeitet 07.07.2026 23:42:40
Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering ('java.**;javax.**;org.apache.camel.**;!*', or the no-...
CVE-2026-40859
- EPSS 0.72%
- Veröffentlicht 06.07.2026 07:54:29
- Zuletzt bearbeitet 07.07.2026 17:40:09
Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying ...
CVE-2026-40047
- EPSS 1.57%
- Veröffentlicht 06.07.2026 07:46:57
- Zuletzt bearbeitet 08.07.2026 15:06:53
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool by assembling an argument list in Doclin...
CVE-2026-47323
- EPSS 1.43%
- Veröffentlicht 19.05.2026 12:25:49
- Zuletzt bearbeitet 27.06.2026 05:16:46
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttp...
CVE-2026-27172
- EPSS 0.67%
- Veröffentlicht 27.04.2026 09:59:45
- Zuletzt bearbeitet 30.06.2026 03:17:55
The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Consul KV store and passed them to ObjectInputStream.r...
- EPSS 6.16%
- Veröffentlicht 27.04.2026 09:58:48
- Zuletzt bearbeitet 30.06.2026 03:18:40
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution ...
CVE-2026-33454
- EPSS 0.62%
- Veröffentlicht 27.04.2026 09:42:39
- Zuletzt bearbeitet 27.06.2026 05:16:44
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOutFilterStartsWith, while it does not configure the ...
CVE-2026-40022
- EPSS 0.62%
- Veröffentlicht 27.04.2026 09:40:28
- Zuletzt bearbeitet 30.06.2026 03:19:15
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the Basi...
CVE-2026-40858
- EPSS 0.71%
- Veröffentlicht 27.04.2026 09:38:55
- Zuletzt bearbeitet 30.06.2026 03:19:19
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputFilter. An attacker who can write to the Infinispan...