Total CVEs

143,208

Critical Severity

4,054

High Severity

14,598

Last 7 Days

1,280
Quick preset (or use dates below)
Clear Filters
Showing 1 - 20 of 54 CVEs
CVE-2026-49042 HIGH - 7.3

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-46588 HIGH - 7.3

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-46587 HIGH - 7.3

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-56140 CRITICAL - 9.8

Improper Input Validation vulnerability in Apache Camel AWS SNS component. The camel-aws2-sns component filters Camel headers through a component-specific HeaderFilterStrategy, Sns2HeaderFilterStrategy. Like the sibling Sqs2HeaderFilterStrategy, it originally configured only an outbound filter (se...

Vendor: Apache Software Foundation
Product: Apache Camel AWS2 SNS
Published: Jul 06, 2026
Source: NVD
CVE-2026-56139 MEDIUM - 5.3

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow Component. The camel-undertow HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false, wh...

Vendor: Apache Software Foundation
Product: Apache Camel Undertow
Published: Jul 06, 2026
Source: NVD
CVE-2026-55994 HIGH - 7.5

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any...

Vendor: Apache Software Foundation
Product: Apache Camel Iggy
Published: Jul 06, 2026
Source: NVD
CVE-2026-55993 HIGH - 7.5

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Atmosphere Websocket Component. The camel-atmosphere-websocket consumer mapped inbound WebSocket query parameters into the Camel Exchange header...

Vendor: Apache Software Foundation
Product: Apache Camel Atmosphere Websocket
Published: Jul 06, 2026
Source: NVD
CVE-2026-53913 CRITICAL - 9.8

Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in Apache Camel Keycloak Component. The KeycloakSecurityPolicy of camel-keycloak guards a route by running KeycloakSecurityProcessor.beforeProcess(), which performs t...

Vendor: Apache Software Foundation
Product: Apache Camel Keycloak
Published: Jul 06, 2026
Source: NVD
CVE-2026-49365 MEDIUM - 5.3

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to false...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-49099 MEDIUM - 5.3

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SO...

Vendor: Apache Software Foundation
Product: Apache Camel Salesforce
Published: Jul 06, 2026
Source: NVD
CVE-2026-49098 MEDIUM - 5.3

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDE_TOPIC Exchange ...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-49097 MEDIUM - 6.5

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header (the con...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-49086 MEDIUM - 6.5

Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer (DaprPubSubConsumer) copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the Came...

Vendor: Apache Software Foundation
Product: Apache Camel Dapr
Published: Jul 06, 2026
Source: NVD
CVE-2026-48206 MEDIUM - 5.3

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minutes ...

Vendor: Apache Software Foundation
Product: Apache Camel JIRA
Published: Jul 06, 2026
Source: NVD
CVE-2026-48205 CRITICAL - 9.1

Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers who...

Vendor: Apache Software Foundation
Product: Apache Camel DNS
Published: Jul 06, 2026
Source: NVD
CVE-2026-48204 CRITICAL - 9.8

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is ...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-48203 CRITICAL - 9.1

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with th...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-46726 HIGH - 7.5

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header ...

Vendor: Apache Software Foundation
Product: Apache Camel Vertx Websocket
Published: Jul 06, 2026
Source: NVD
CVE-2026-46592 HIGH - 7.5

Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apache Camel CXF SOAP component. The camel-cxf producer selects which SOAP operation to invoke on the backend service from the operationName (and operationNamespace) Exchange header, whose con...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD
CVE-2026-46591 HIGH - 8.2

Improper Neutralization of Special Elements in Data Query Logic vulnerability in Apache Camel Neo4J component. The camel-neo4j producer builds the Cypher WHERE clause for its match/retrieve and delete operations from the CamelNeo4jMatchProperties map. CVE-2025-66169 addressed Cypher injection throu...

Vendor: Apache Software Foundation
Product: Apache Camel
Published: Jul 06, 2026
Source: NVD