Apache Software Foundation

556 tracked vulnerabilities.

CVE-2026-46587 HIGH
Apache Camel: Couchbase: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input
Jul 06, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-56140 CRITICAL
Apache Camel AWS2 SNS: An inbound Camel-namespace filter was added to Sns2HeaderFilterStrategy to align it with sibling components
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-56139 MEDIUM
Apache Camel Undertow - Stack Trace Information Disclosure
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-55994 HIGH
Apache Camel Iggy - Server-Side Request Forgery via Iggy User Headers
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-55993 HIGH
Apache Camel Atmosphere Websocket - Server-Side Request Forgery via Query Parameters
Jul 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-53913 CRITICAL
Apache Camel Keycloak 4.18.3 and 4.21.0 - Remote Code Execution
Jul 06, 2026
CVSS 9.8
EPSS 0.01
CVE-2026-49365 MEDIUM
Apache Camel Netty HTTP - Stack Trace Information Disclosure
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-49099 MEDIUM
Apache Camel Salesforce: Non-Camel-prefixed Exchange header constants bypass the HTTP header filter, allowing an HTTP client to influence internal behaviour
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-49098 MEDIUM
Apache Camel Kafka - Kafka Header Control Injection
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-49097 MEDIUM
Apache Camel IRC - Message Redirection via irc.* Headers
Jul 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-49086 MEDIUM
Apache Camel Dapr - Pub/Sub Message Rerouting via CloudEvent Headers
Jul 06, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-48206 MEDIUM
Apache Camel Jira 4.14.8, 4.18.3, and 4.21.0 - Authorization Bypass
Jul 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-48205 CRITICAL
Apache Camel DNS - Server-Side Request Forgery via DNS Headers
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-48204 CRITICAL
Apache Camel MongoDB GridFS - GridFS Operation Override
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-48203 CRITICAL
Apache Camel Solr - Server-Side Request Forgery via SolrParam Headers
Jul 06, 2026
CVSS 9.1
EPSS 0.00
CVE-2026-46726 HIGH
Apache Camel Vertx Websocket - Server-Side Request Forgery via Query Parameters
Jul 06, 2026
CVSS 7.5
EPSS 0.01
CVE-2026-46592 HIGH
Apache Camel CXF - SOAP Operation Redirection via Headers
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46591 HIGH
Apache Camel Neo4j - Cypher Injection via JSON Property Names
Jul 06, 2026
CVSS 8.2
EPSS 0.00
CVE-2026-46590 HIGH
Apache Camel PQC - Key Metadata Deserialization
Jul 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-46585 HIGH
Apache Camel Lucene 4.14.8, 4.18.3, and 4.21.0 - Authorization Bypass
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46584 LOW
Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
Jul 06, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-46457 HIGH
Apache Camel NATS - Camel Control Header Injection
Jul 06, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-46456 CRITICAL
Apache Camel AWS2-SQS - Camel Control Header Injection
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46455 CRITICAL
Apache Camel Keycloak - Expired Token Acceptance
Jul 06, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-46454 CRITICAL
Apache Camel CometD - Unauthenticated Camel Control Header Injection
Jul 06, 2026
CVSS 9.8
EPSS 0.00