Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (apache).
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Blast Radius
ecosystem impact- 8 maven packages depend on org.apache.camel:camel-cxf-rest (3 direct, 5 indirect)
Ecosystem-wide dependent count for version 3.18.0.
DescriptionCVE.org
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering
The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-internal headers via setOutFilterStartsWith, while not configuring inbound filtering via setInFilterStartsWith. As a result, an unauthenticated attacker can inject Camel-internal headers (e.g. CamelExecCommandExecutable, CamelFileName) via HTTP requests to CXF-RS or CXF-SOAP endpoints. When a route forwards messages from these endpoints to header-driven components such as camel-exec or camel-file, the injected headers override configured values, enabling remote code execution or arbitrary file writes. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177), the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891), and non-HTTP strategies (CVE-2026-40453).
This issue affects Apache Camel: from 3.18.0 before 4.14.6, from 4.15.0 before 4.18.2.
Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.2. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6.
AnalysisAI
Remote code execution in Apache Camel 3.18.0-4.14.5 and 4.15.0-4.18.1 stems from CXF and Knative HeaderFilterStrategy implementations filtering only outbound Camel-internal headers while leaving inbound traffic unfiltered, letting unauthenticated attackers inject control headers such as CamelExecCommandExecutable and CamelFileName through HTTP requests to CXF-RS, CXF-SOAP, or Knative HTTP endpoints. When such routes pipe into header-driven components like camel-exec or camel-file, the injected headers override configured values, yielding RCE or arbitrary file writes. No public exploit identified at time of analysis, but EPSS sits at only 0.04% despite the 9.8 CVSS - this is the fifth iteration of the same header-injection pattern (CVE-2025-27636, 2025-29891, 2025-30177, 2026-40453), so prior PoCs for sibling CVEs are likely portable.
Technical ContextAI
Apache Camel is an enterprise integration framework that routes and transforms messages across components; HeaderFilterStrategy classes are responsible for deciding which headers flow into and out of routes. The vulnerable classes - CxfRsHeaderFilterStrategy (camel-cxf-rest), CxfHeaderFilterStrategy (camel-cxf-transport), and KnativeHttpHeaderFilterStrategy (camel-knative-http) - call setOutFilterStartsWith to strip Camel-internal headers (those prefixed with 'Camel' or 'org.apache.camel') leaving the route, but never call the symmetric setInFilterStartsWith on the inbound path. This maps to CWE-178 (Improper Handling of Case Sensitivity) as registered, though the underlying defect is more precisely an asymmetric header allowlist that lets externally-supplied HTTP headers be treated as internal control metadata, weaponized through components like camel-exec (which honors CamelExecCommandExecutable to choose what binary to spawn) and camel-file (which honors CamelFileName to choose what path to write).
RemediationAI
Vendor-released patch: upgrade to Apache Camel 4.19.0 on the main stream, 4.18.2 on the 4.18.x LTS stream, or 4.14.6 on the 4.14.x LTS stream, per the Apache advisory at https://camel.apache.org/security/CVE-2026-47323.html. If immediate patching is not possible, the most direct compensating control is to configure a custom HeaderFilterStrategy on each CXF-RS, CXF-SOAP, and Knative HTTP consumer endpoint that explicitly calls setInFilterStartsWith with the 'Camel' and 'org.apache.camel.' prefixes - replicating the upstream fix in-place. Alternatively, place an upstream reverse proxy or WAF that strips any inbound HTTP header beginning with 'Camel' (case-insensitive) before requests reach the Camel listener; side effect is that legitimate clients depending on those prefixes will break, which is rare. As a last resort, decouple vulnerable routes by removing camel-exec and camel-file (and any other header-driven sinks) from any route fed by an exposed CXF or Knative HTTP endpoint, accepting reduced functionality until patched.
More in Apache Camel
View allImproperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote In
The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the
Remote code execution via unsafe Java deserialization affects the camel-pqc component of Apache Camel 4.18.0-4.18.2 and
The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner C
Cypher injection in Apache Camel's camel-neo4j producer allows attackers who control JSON key names in the CamelNeo4jMat
Remote code execution in the Apache Camel camel-hazelcast component allows an attacker who can join or reach the Hazelca
Remote code execution in Apache Camel's camel-vertx-http component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0) arises when a p
Blind out-of-band data exfiltration in Apache Camel 4.14.0-4.20.x arises because the default ObjectInputFilter pattern b
Header injection in the Apache Camel camel-nats component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) allows any NATS c
Confused-deputy operation redirection in the Apache Camel camel-cxf SOAP component (versions 4.0.0 before 4.14.8, 4.15.0
Improper input validation in Apache Camel (versions through 4.14.7, 4.15.0-4.18.2, and 4.19.0-4.20.0) allows remote atta
Same weakness CWE-178 – Improper Handling of Case Sensitivity
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30895
GHSA-8364-hfqj-pwm6