Threat Advisory

Apache Camel K Vulnerability Risks to Namespace Clusters

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2026-45760, with a CVSS score of 8.1, is a vulnerability in Apache Camel K that enables cross-namespace attacks through a user-controlled key. An authorized user in one namespace can create a malicious Build resource and manipulate Pod generation in other namespaces, including the sensitive operator namespace, effectively bypassing multi-tenancy safeguards and potentially staging a broader cluster takeover. The vulnerability affects organizations running Apache Camel K on Kubernetes, where the attacker can dictate how and where Pods are generated. The business impact of exploitation includes unauthorized access to sensitive data, potential cluster takeover, and compromise of multi-tenancy safeguards. To exploit this vulnerability, an attacker must already have authorized access to a Kubernetes namespace; the attack is carried out through a Build resource.


RECOMMENDATION:

We recommend that you update to the version available at the following link: https://github.com/apache/camel-k/releases

REFERENCES:

The following report contains further technical details:
https://securityonline.info/apache-camel-k-cross-namespace-vulnerability-cve-2026-45760/