What is the CVSS score of CVE-2026-23552?

CVE-2026-23552 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Camel are affected by CVE-2026-23552?

A critical authentication bypass vulnerability in Apache Camel's Keycloak component allows attackers to forge valid authentication tokens from unauthorized realms, potentially granting unauthorized…. A patch is available.

Is there a public PoC exploit available for CVE-2026-23552?

Yes, a public proof-of-concept exploit is available for CVE-2026-23552. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-23552?

Within 24 hours: Identify all systems using Apache Camel with Keycloak component and assess their exposure; isolate or disable affected services if business-critical. Within 7 days: Implement compensating controls (network segmentation, WAF rules validating issuer claims, enhanced monitoring); evaluate alternative authentication mechanisms. Within 30 days: Monitor Apache Camel security advisories for patch availability; conduct security audit of all token-based authentication flows; develop migration plan away from vulnerable component or upgrade to patched version when released.

Camel CVE-2026-23552

CRITICAL

Origin Validation Error (CWE-346)

2026-02-23 security@apache.org

GHSA-c3f3-cc42-xr9v

Apache Camel

9.1

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.1 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 26, 2026 - 16:46 vuln.today

Public exploit code

CVE Published

Feb 23, 2026 - 09:17 nvd

CRITICAL 9.1

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

3 maven packages depend on org.apache.camel:camel-keycloak (2 direct, 1 indirect)

Ecosystem-wide dependent count for version 4.15.0.

DescriptionCVE.org

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component.

The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy configured for a completely different realm, breaking tenant isolation. This issue affects Apache Camel: from 4.15.0 before 4.18.0.

Users are recommended to upgrade to version 4.18.0, which fixes the issue.

AnalysisAI

Cross-realm token acceptance bypass in Apache Camel Keycloak security policy. The KeycloakSecurityPolicy fails to properly validate token issuers, accepting tokens from different Keycloak realms. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Attacker obtains JWT token from different Keycloak realm

Exploit

Send token to target Camel endpoint

Execution

KeycloakSecurityPolicy accepts token without validating issuer claim

Impact

Access granted across realm boundary

Access

Attacker obtains JWT token from different Keycloak realm

Exploit

Send token to target Camel endpoint

Execution

KeycloakSecurityPolicy accepts token without validating issuer claim

Impact

Access granted across realm boundary

Vulnerability AssessmentAI

Exploitation	Apache Camel versions 4.15.0 through 4.17.x with KeycloakSecurityPolicy configured for multi-tenant Keycloak deployments where tokens from different realms are accessible to attacker. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 9.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	Attacker obtains valid token from one Keycloak realm, uses it to authenticate to a Camel route protected by a different realm's security policy.
Remediation	Update Apache Camel. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems using Apache Camel with Keycloak component and assess their exposure; isolate or disable affected services if business-critical. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-23552 vulnerability details – vuln.today

Back

Camel CVE-2026-23552

Severity by source

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code