#apache-camel
4 articles
CVE-2026-33453: Header injection in Apache Camel camel-coap leads to RCE
Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to header-sensitive producers...
CVE-2026-33454: Header injection in Apache Camel camel-mail
Apache Camel's camel-mail component filters headers only on the 'out' direction, missing the 'in' direction - this allows control headers to be injected via inbound mail...
CVE-2026-40453: Incomplete header filter fix in Apache Camel
The fix for CVE-2025-27636 was not applied to five non-HTTP HeaderFilterStrategy implementations in camel-jms, camel-sjms, camel-coap and camel-google-pubsub, allowing case-variant header bypass...
CVE-2026-40860: Unsafe JMS ObjectMessage deserialization in Apache Camel
JmsBinding classes in camel-jms and camel-sjms deserialize JMS ObjectMessage without any ObjectInputFilter or class allowlist, allowing an attacker to achieve remote code execution via a crafted JMS message...