Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23570
Total
1678
Critical
7413
High
7498
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-49098 | UNKNOWN | — | Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache Camel Kafka Component. The camel-kafka producer … | Jul 06, 2026 |
| CVE-2026-49097 | MEDIUM | 6.5 | Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache Camel IRC component. The camel-irc producer … | Jul 06, 2026 |
| CVE-2026-49086 | MEDIUM | 6.5 | Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer (DaprPubSubConsumer) copied two fields from … | Jul 06, 2026 |
| CVE-2026-48206 | MEDIUM | 5.3 | Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, … | Jul 06, 2026 |
| CVE-2026-48205 | CRITICAL | 9.1 | Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, … | Jul 06, 2026 |
| CVE-2026-48204 | CRITICAL | 9.8 | Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from … | Jul 06, 2026 |
| CVE-2026-48203 | CRITICAL | 9.1 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr … | Jul 06, 2026 |
| CVE-2026-46726 | HIGH | 7.5 | Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket … | Jul 06, 2026 |
| CVE-2026-46592 | HIGH | 7.5 | Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke … | Jul 06, 2026 |
| CVE-2026-46591 | HIGH | 8.2 | Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its … | Jul 06, 2026 |
| CVE-2026-46590 | HIGH | 8.8 | Deserialization of Untrusted Data vulnerability in Apache Camel PQC component. The camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implementations. HashicorpVaultKeyLifecycleManager and AwsSecretsManagerKeyLifecycleManager … | Jul 06, 2026 |
| CVE-2026-46585 | HIGH | 7.5 | Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header … | Jul 06, 2026 |
| CVE-2026-46584 | LOW | 3.7 | Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer (MailProducer.getSender) scanned the outgoing Exchange … | Jul 06, 2026 |
| CVE-2026-46457 | HIGH | 7.5 | Improper Input Validation vulnerability in Apache Camel NATS component. The camel-nats component maps inbound NATS message headers into the Camel Exchange but defaulted its headerFilterStrategy … | Jul 06, 2026 |
| CVE-2026-46456 | CRITICAL | 9.8 | Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy … | Jul 06, 2026 |
| CVE-2026-46455 | CRITICAL | 9.8 | Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) with only the subject-exists check … | Jul 06, 2026 |
| CVE-2026-46454 | CRITICAL | 9.8 | Improper Input Validation vulnerability in Apache Camel Cometd Component. The camel-cometd component maps inbound Bayeux (CometD) message headers into the Camel Exchange without applying a … | Jul 06, 2026 |
| CVE-2026-46453 | MEDIUM | 5.3 | Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its … | Jul 06, 2026 |
| CVE-2026-44934 | UNKNOWN | — | A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with … | Jul 06, 2026 |
| CVE-2026-43867 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Apache Camel PQC Component. The camel-pqc component persists post-quantum key metadata (KeyMetadata) through pluggable KeyLifecycleManager implementations. AwsSecretsManagerKeyLifecycleManager.deserializeMetadata() reads that … | Jul 06, 2026 |
| CVE-2026-43866 | HIGH | 7.3 | Deserialization of Untrusted Data vulnerability in Apache Camel, Apache Camel JMS component. JmsBinding.extractBodyFromJms() in camel-jms - and the equivalent JmsBinding in camel-sjms - deserializes the … | Jul 06, 2026 |
| CVE-2026-43865 | HIGH | 8.1 | Deserialization of Untrusted Data vulnerability in Apache Camel Hazelcast component. The camel-hazelcast component creates and manages Hazelcast instances using a default configuration that applies no … | Jul 06, 2026 |
| CVE-2026-42527 | HIGH | 8.1 | Deserialization of Untrusted Data vulnerability in Apache Camel. The default ObjectInputFilter pattern shipped with several Apache Camel components for defense-in-depth deserialization filtering ('java.**;javax.**;org.apache.camel.**;!*', or the … | Jul 06, 2026 |
| CVE-2026-40859 | HIGH | 8.1 | Deserialization of Untrusted Data vulnerability in Apache Camel. The camel-vertx-http component deserializes HTTP response bodies carrying the Content-Type application/x-java-serialized-object using a raw java.io.ObjectInputStream, without applying … | Jul 06, 2026 |
| CVE-2026-40047 | CRITICAL | 9.1 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool … | Jul 06, 2026 |