Multiple security vulnerabilities affecting Apache Camel versions The header-injection flaws span several 4 have been identified in Apache Camel, a project that drives integration routes inside many enterprise systems. The overall risk/impact is high due to the potential for server-side request forgery and secrets leaks. Affected version range(s) include 4.17.0 before 4.18.3, 4.19.0 before 4.21.0, 4.0.0 before 4.14.8, then 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0.
CVE-2026-55994 (CVSS 9.1 — Critical): The vulnerability allows an attacker to inject Camel control headers, which triggers server-side request forgery and leaks secrets. An attacker can set CamelHttpUri as a plain header or parameter, steering a downstream HTTP producer to a chosen destination.[/subscribe_to_unlock_form]
Multiple security vulnerabilities affecting Apache Camel versions The header-injection flaws span several 4 have been identified in Apache Camel, a project that drives integration routes inside many enterprise systems. The overall risk/impact is high due to the potential for server-side request forgery and secrets leaks. Affected version range(s) include 4.17.0 before 4.18.3, 4.19.0 before 4.21.0, 4.0.0 before 4.14.8, then 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0.
CVE-2026-55994 (CVSS 9.1 — Critical): The vulnerability allows an attacker to inject Camel control headers, which triggers server-side request forgery and leaks secrets. An attacker can set CamelHttpUri as a plain header or parameter, steering a downstream HTTP producer to a chosen destination.[emaillocker id="1283"]
CVE-2026-55993 (CVSS 8.8 — High): This flaw enables an attacker to inject Camel control headers, copying WebSocket query parameters from the camel-atmosphere-websocket consumer. An attacker can reach this path without any credentials on an unauthenticated WebSocket endpoint.
CVE-2026-46726 (CVSS 9.1 — Critical): The vulnerability allows an attacker to inject Camel control headers, mapping query and path parameters from the camel-vertx-websocket consumer. An attacker can set CamelHttpUri as a plain header or parameter.
These vulnerabilities collectively present a high risk of server-side request forgery and secrets leaks.
We recommend you to update Apache Camel to version 4.21.0 and 4.18.3 covers the 4.18.x stream, and 4.14.8 covers the affected WebSocket flaws on 4.14.x.
The following reports contain further technical details:
[/emaillocker]