Apache Software Foundation
556 tracked vulnerabilities.
CVE-2026-46587
HIGH
Apache Camel: Couchbase: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input
Jul 06, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-56140
CRITICAL
Apache Camel AWS2 SNS: An inbound Camel-namespace filter was added to Sns2HeaderFilterStrategy to align it with sibling components
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-56139
MEDIUM
Apache Camel Undertow - Stack Trace Information Disclosure
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-55994
HIGH
Apache Camel Iggy - Server-Side Request Forgery via Iggy User Headers
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-55993
HIGH
Apache Camel Atmosphere Websocket - Server-Side Request Forgery via Query Parameters
Jul 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-53913
CRITICAL
Apache Camel Keycloak 4.18.3 and 4.21.0 - Remote Code Execution
Jul 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-49365
MEDIUM
Apache Camel Netty HTTP - Stack Trace Information Disclosure
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-49099
MEDIUM
Apache Camel Salesforce: Non-Camel-prefixed Exchange header constants bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-49098
MEDIUM
Apache Camel Kafka - Kafka Header Control Injection
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-49097
MEDIUM
Apache Camel IRC - Message Redirection via irc.* Headers
Jul 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49086
MEDIUM
Apache Camel Dapr - Pub/Sub Message Rerouting via CloudEvent Headers
Jul 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-48206
MEDIUM
Apache Camel Jira 4.14.8, 4.18.3, and 4.21.0 - Authorization Bypass
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-48205
CRITICAL
Apache Camel DNS - Server-Side Request Forgery via DNS Headers
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-48204
CRITICAL
Apache Camel MongoDB GridFS - GridFS Operation Override
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48203
CRITICAL
Apache Camel Solr - Server-Side Request Forgery via SolrParam Headers
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-46726
HIGH
Apache Camel Vertx Websocket - Server-Side Request Forgery via Query Parameters
Jul 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-46592
HIGH
Apache Camel CXF - SOAP Operation Redirection via Headers
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46591
HIGH
Apache Camel Neo4j - Cypher Injection via JSON Property Names
Jul 06, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-46590
HIGH
Apache Camel PQC - Key Metadata Deserialization
Jul 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-46585
HIGH
Apache Camel Lucene 4.14.8, 4.18.3, and 4.21.0 - Authorization Bypass
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46584
LOW
Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
Jul 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-46457
HIGH
Apache Camel NATS - Camel Control Header Injection
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46456
CRITICAL
Apache Camel AWS2-SQS - Camel Control Header Injection
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46455
CRITICAL
Apache Camel Keycloak - Expired Token Acceptance
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46454
CRITICAL
Apache Camel CometD - Unauthenticated Camel Control Header Injection
Jul 06, 2026
CVSS 9.8
EPSS 0.00
Products
Apache Tomcat 50
Apache Airflow 42
Apache HTTP Server 36
Apache Camel 33
Apache ActiveMQ 23
Apache OFBiz 22
Apache CXF 20
Apache ActiveMQ All 17
Apache APISIX 15
Apache OpenMeetings 15
Apache ActiveMQ Broker 13
Apache IoTDB 12
Apache NiFi 12
Apache Struts 12
Apache Thrift 11
Apache Atlas 9
Apache DolphinScheduler 8
Apache Answer 7
Apache CloudStack 7
Apache Hadoop 6
Apache OpenOffice 6
Apache Shiro 6
Apache Wicket 6
Apache Kvrocks 5
Apache MINA 5
Apache Ranger 5
Apache ActiveMQ Client 4
Apache Ambari 4
Apache Gravitino 4
Apache Log4j 1.x 4
Quick Filters