CVE-2026-47323— Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 2
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Camel | 3.18.0< 4.14.6 | affected |
4.15.0< 4.18.2 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-47323
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering
Source: NVD (National Vulnerability Database)
Vulnerability Description
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-internal headers via setOutFilterStartsWith, while not configuring inbound filtering via setInFilterStartsWith. As a result, an unauthenticated attacker can inject Camel-internal headers (e.g. CamelExecCommandExecutable, CamelFileName) via HTTP requests to CXF-RS or CXF-SOAP endpoints. When a route forwards messages from these endpoints to header-driven components such as camel-exec or camel-file, the injected headers override configured values, enabling remote code execution or arbitrary file writes. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177), the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891), and non-HTTP strategies (CVE-2026-40453). This issue affects Apache Camel: from 3.18.0 before 4.14.6, from 4.15.0 before 4.18.2. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.2. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
大小写敏感处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Camel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Camel是美国阿帕奇(Apache)基金会的一套开源的基于Enterprise Integration Pattern(企业整合模式,简称EIP)的集成框架。该框架提供企业集成模式的Java对象(POJO)的实现,且通过应用程序接口来配置路由和中介的规则。 Apache Camel 3.18.0至4.14.6版本和4.15.0至4.18.2版本存在安全漏洞,该漏洞源于CXF和Knative的HeaderFilterStrategy实现未配置入站过滤,导致未经身份验证的攻击者可通过HTTP请
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Camel | 3.18.0 ~ 4.14.6 | - |
II. Public POCs for CVE-2026-47323
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-47323
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-47323 (1)
Same Patch Batch · Apache Software Foundation · 2026-05-19 · 20 CVEs total
| CVE-2026-31909 | Apache OFBiz: Unauthenticated Shipment Label Image Disclosure | |
| CVE-2026-29220 | Apache OFBiz: Low-Privilege LFI in Content Component | |
| CVE-2026-29207 | Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component | |
| CVE-2026-29226 | Apache OFBiz: Low-Privilege SSRF in Content Component | |
| CVE-2026-31378 | Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execut | |
| CVE-2026-31379 | Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File W | |
| CVE-2026-31380 | Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass | |
| CVE-2026-31387 | Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonati | |
| CVE-2026-31388 | Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature | |
| CVE-2026-31906 | Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog P | |
| CVE-2026-27173 | Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command- | |
| CVE-2026-31910 | Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File | |
| CVE-2026-31986 | Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injectio | |
| CVE-2026-35086 | Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email s | |
| CVE-2026-41919 | Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Element | |
| CVE-2026-45187 | Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users | |
| CVE-2026-45434 | Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE | |
| CVE-2026-46586 | Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy | |
| CVE-2026-42526 | Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS |
IV. Related Vulnerabilities
Same product: Apache Camel
- CVE-2026-27172
Apache Camel: Unsafe Java deserialization in camel-consul Co - CVE-2026-33453
Apache Camel: CoAP URI Query Parameter to Exchange Header In - CVE-2026-33454
Apache Camel: Inbound Header Filter Missing in MailHeaderFil - CVE-2026-40858
Apache Camel: Camel-Infinispan: Unsafe Deserialization in Re - CVE-2026-40860
Apache Camel: Unsafe Deserialization of JMS ObjectMessage in
Same vendor: Apache Software Foundation
- CVE-2026-44417
Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS - CVE-2026-44618
Apache CXF: XXE vulnerability in WS-Transfer functionality - CVE-2026-44930
Apache CXF: LDAP Injection vulnerability in XKMS LDAP Reposi - CVE-2026-48207
Apache Fory: PyFory ReduceSerializer Incomplete Policy Enfor - CVE-2026-45760
Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
Same weakness: CWE-178
- CVE-2026-43513
Apache Tomcat: LockOutRealm treats user names as case-sensit - CVE-2026-3833
Gnutls: gnutls: policy bypass due to case-sensitive namecons - CVE-2026-40453
Apache Camel JMS, Apache Camel CoAP, Apache Camel Google Pub - CVE-2026-22665
prompts.chat Identity Confusion via Case-Sensitive Username - CVE-2026-33691
OWASP CRS: Whitespace padding in filenames bypasses file upl
V. Comments for CVE-2026-47323
No comments yet