CVE-2026-40453
- EPSS 0.86%
- Veröffentlicht 27.04.2026 08:23:20
- Zuletzt bearbeitet 27.06.2026 05:16:44
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not a...
CVE-2026-40860
- EPSS 0.88%
- Veröffentlicht 27.04.2026 08:03:19
- Zuletzt bearbeitet 30.06.2026 03:19:20
JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() without applying any ObjectInputFilter, class allow...
CVE-2026-40048
- EPSS 0.34%
- Veröffentlicht 27.04.2026 07:53:54
- Zuletzt bearbeitet 30.06.2026 03:19:15
The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java....
CVE-2026-40473
- EPSS 0.93%
- Veröffentlicht 27.04.2026 07:51:59
- Zuletzt bearbeitet 30.06.2026 03:19:18
The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. When a Camel route uses camel-mina as a TCP or UDP ...
CVE-2026-25747
- EPSS 0.9%
- Veröffentlicht 23.02.2026 08:45:45
- Zuletzt bearbeitet 30.06.2026 03:17:44
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any O...
CVE-2026-23552
- EPSS 0.4%
- Veröffentlicht 23.02.2026 08:45:36
- Zuletzt bearbeitet 26.02.2026 16:46:16
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm. A token issued by one Keyc...
CVE-2025-66169
- EPSS 0.61%
- Veröffentlicht 14.01.2026 11:45:20
- Zuletzt bearbeitet 16.01.2026 14:29:11
Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0 Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS...
CVE-2025-30177
- EPSS 1.01%
- Veröffentlicht 01.04.2025 12:15:15
- Zuletzt bearbeitet 15.04.2025 13:00:12
Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10...
CVE-2025-29891
- EPSS 72%
- Veröffentlicht 12.03.2025 14:42:59
- Zuletzt bearbeitet 02.04.2025 20:37:07
Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS a...
CVE-2025-27636
- EPSS 79.82%
- Veröffentlicht 09.03.2025 13:15:34
- Zuletzt bearbeitet 23.06.2025 18:54:52
Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to v...