GHSA-f7g3-2cg6-f5hj
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Given the default header-driven route bridged from unauthenticated HTTP, exploitation is network-based with no auth or interaction (AV:N/AC:L/PR:N/UI:N) and yields full read/delete/enumerate impact (C/I/A:H).
Primary rating from Vendor (CNA).
CVSS VectorVendor
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6Description PRE-NVD
Articles & Coverage 4
AnalysisAI
Unauthenticated NoSQL operation hijacking in Apache Camel's camel-mongodb-gridfs component (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) lets a remote HTTP client override the intended GridFS operation and inject MongoDB query documents. When a route bridges an HTTP consumer such as platform-http into a mongodb-gridfs: producer that has no explicit operation set (the default), the raw gridfs.operation, gridfs.objectid and gridfs.metadata headers pass through the HTTP header filter because they lack the Camel/camel prefix, allowing an attacker to turn an intended upload into remove, listAll, or findOne and to inject NoSQL operators. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a Camel route that bridges an HTTP-facing consumer (e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals conflict and must be weighed together. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An application exposes a platform-http endpoint that forwards uploads into a mongodb-gridfs: producer with no operation set. An unauthenticated attacker sends an HTTP request carrying gridfs.operation: remove and gridfs.objectid: <target> to delete an arbitrary stored file, or gridfs.operation: listAll to enumerate the entire bucket, and can supply a crafted gridfs.metadata value to inject MongoDB operators. … |
| Remediation | Vendor-released patch: upgrade to Apache Camel 4.21.0, which fixes the issue; on the 4.14.x LTS stream upgrade to 4.14.8, and on the 4.18.x stream upgrade to 4.18.3, per https://camel.apache.org/security/CVE-2026-48204.html. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all production systems running vulnerable Apache Camel versions (4.0.0-4.14.7, 4.15.0-4.18.2, 4.19.0-4.20.x) and identify those with mongodb-gridfs features exposed through HTTP endpoints. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Bypass/Injection vulnerability in Apache Camel components under particular conditions.10.0 through <= 4.10.1, from 4.8.0
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary file
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. Rated cri
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remo
Cross-realm token acceptance bypass in Apache Camel Keycloak security policy. The KeycloakSecurityPolicy fails to proper
Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSeria
The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInp
Apache Camel's File is vulnerable to directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-se
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arb
The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-s
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arb
Same weakness CWE-20 – Improper Input Validation
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41839