GHSA-pw9q-pq7c-rfqw
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitation needs a specific Iggy-to-HTTP-producer route plus publish access to the stream, so AC:H; publish access may be unauthenticated (PR:N); high secret disclosure (C:H) with limited SSRF-driven integrity (I:L).
Primary rating from Vendor (CNA).
CVSS VectorVendor
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
6Description PRE-NVD
AnalysisAI
Server-side request forgery and secret disclosure in the Apache Camel camel-iggy consumer (versions 4.17.0-4.18.2 and 4.19.0-4.20.x) allow an actor able to publish to a consumed Iggy stream to inject Camel control headers such as CamelHttpUri into the Exchange. When the consumer feeds a downstream HTTP producer, the attacker redirects the server-side request to internal services or cloud metadata endpoints, and because the producer resolves Camel property placeholders on the attacker-controlled URI, environment variables, application properties, and vault secrets are exfiltrated. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires two concrete deployment prerequisites: (1) a Camel route where the camel-iggy consumer feeds a downstream HTTP producer whose target URI is resolved from Exchange headers (i.e., CamelHttpUri / Exchange.HTTP_URI is honored), and (2) the attacker must be able to publish user-headers to the specific Iggy stream/topic that route consumes. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, score 7.5) reflects a network-exploitable, no-privilege, high-confidentiality issue, but this arguably understates the required conditions: exploitation depends on a specific vulnerable configuration - a Camel route that pipes the Iggy consumer directly into an HTTP producer whose target URI can be header-driven - plus the ability to publish to the consumed Iggy stream. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with the ability to publish to an Iggy stream that a vulnerable Camel route consumes crafts a message with a user-header named CamelHttpUri pointing at http://169.254.169.254/latest/meta-data/ (or an internal service), optionally embedding a property placeholder such as a vault or environment-variable reference. When the message flows into the downstream HTTP producer, the server issues the request to the attacker-chosen destination and resolves the embedded placeholder, returning cloud metadata credentials or secrets. … |
| Remediation | Vendor-released patch: upgrade to Apache Camel 4.21.0, or for the 4.18.x maintenance stream upgrade to 4.18.3, both of which introduce a dedicated IggyHeaderFilterStrategy (and a headerFilterStrategy endpoint option) that case-insensitively filters the Camel header namespace on inbound mapping so externally-supplied Camel*/camel* headers are no longer copied into the Exchange (see https://camel.apache.org/security/CVE-2026-55994.html). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Conduct inventory of all production instances running Apache Camel versions 4.17.0-4.18.2 or 4.19.0-4.20.x with camel-iggy component; audit and restrict Iggy stream publisher access to authenticated, trusted sources only; review recent publisher activity logs for unauthorized access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Bypass/Injection vulnerability in Apache Camel components under particular conditions.10.0 through <= 4.10.1, from 4.8.0
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary file
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. Rated cri
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remo
Cross-realm token acceptance bypass in Apache Camel Keycloak security policy. The KeycloakSecurityPolicy fails to proper
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSeria
The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInp
Apache Camel's File is vulnerable to directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-se
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arb
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-s
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arb
Same weakness CWE-20 – Improper Input Validation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41850