Threat Advisory

Apache Camel Flaws Let Attackers Inject Headers and Bypass Authentication

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities affecting Apache Camel versions The header-injection flaws span several 4 have been identified in Apache Camel, a project that drives integration routes inside many enterprise systems. The overall risk/impact is high due to the potential for server-side request forgery and secrets leaks. Affected version range(s) include 4.17.0 before 4.18.3, 4.19.0 before 4.21.0, 4.0.0 before 4.14.8, then 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0.

CVE-2026-55994 (CVSS 9.1 — Critical): The vulnerability allows an attacker to inject Camel control headers, which triggers server-side request forgery and leaks secrets. An attacker can set CamelHttpUri as a plain header or parameter, steering a downstream HTTP producer to a chosen destination.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities affecting Apache Camel versions The header-injection flaws span several 4 have been identified in Apache Camel, a project that drives integration routes inside many enterprise systems. The overall risk/impact is high due to the potential for server-side request forgery and secrets leaks. Affected version range(s) include 4.17.0 before 4.18.3, 4.19.0 before 4.21.0, 4.0.0 before 4.14.8, then 4.15.0 before 4.18.3, and 4.19.0 before 4.21.0.

CVE-2026-55994 (CVSS 9.1 — Critical): The vulnerability allows an attacker to inject Camel control headers, which triggers server-side request forgery and leaks secrets. An attacker can set CamelHttpUri as a plain header or parameter, steering a downstream HTTP producer to a chosen destination.[emaillocker id="1283"]

CVE-2026-55993 (CVSS 8.8 — High): This flaw enables an attacker to inject Camel control headers, copying WebSocket query parameters from the camel-atmosphere-websocket consumer. An attacker can reach this path without any credentials on an unauthenticated WebSocket endpoint.

CVE-2026-46726 (CVSS 9.1 — Critical): The vulnerability allows an attacker to inject Camel control headers, mapping query and path parameters from the camel-vertx-websocket consumer. An attacker can set CamelHttpUri as a plain header or parameter.

These vulnerabilities collectively present a high risk of server-side request forgery and secrets leaks.

RECOMMENDATION:

We recommend you to update Apache Camel to version 4.21.0 and 4.18.3 covers the 4.18.x stream, and 4.14.8 covers the affected WebSocket flaws on 4.14.x.

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu