Skip to main content

Apache Camel EUVDEUVD-2026-41840

| CVE-2026-48205 CRITICAL
Improper Input Validation (CWE-20)
9.1
CVSS 3.1 · Vendor
Share

Severity by source

Vendor (CNA) PRIMARY
9.1 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
6.5 CRITICAL

Remote unauthenticated when the vulnerable HTTP-to-DNS route is present, but impact is limited to internal-hostname existence disclosure (C:L) and DNS-answer tampering (I:L), with no availability impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (CNA).

CVSS VectorVendor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

6
Analysis Updated
Jul 06, 2026 - 21:17 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 06, 2026 - 21:17 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 06, 2026 - 20:22 vuln.today
cvss_changed
CVSS changed
Jul 06, 2026 - 20:22 NVD
9.1 (CRITICAL)
Patch available
Jul 06, 2026 - 10:01 EUVD
Analysis Generated
Jul 05, 2026 - 20:43 vuln.today

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Server-side request forgery in the Apache Camel camel-dns component lets any HTTP client control DNS lookups when a route bridges an HTTP consumer (e.g. platform-http) into a dns: producer. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach unauthenticated HTTP-to-DNS route
Delivery
Send request with crafted dns.server/dns.name headers
Exploit
Headers bypass HttpHeaderFilterStrategy into Exchange
Execution
camel-dns builds SimpleResolver to attacker DNS
Persist
Resolve internal hostnames and return poisoned answers
Impact
Internal reconnaissance and DNS-response tampering

Vulnerability AssessmentAI

Exploitation Exploitation requires a specific deployment: a Camel route that bridges an HTTP consumer (such as platform-http, camel-jetty, or camel-servlet) directly into a dns: producer using one of the dig/ip/lookup/wikipedia operations, where the HTTP consumer is unauthenticated. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are mixed. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An organization runs a Camel route where a platform-http consumer feeds a dns: dig producer to offer a DNS-lookup web endpoint. An unauthenticated attacker sends an HTTP request setting the dns.server header to their own DNS server and dns.name to an internal hostname like backend.corp.local; Camel builds a SimpleResolver against the attacker's server, revealing the queried internal name and letting the attacker return a poisoned answer. …
Remediation Vendor-released patch: 4.21.0 is the primary fix; users on the 4.14.x LTS stream should upgrade to 4.14.8 and users on the 4.18.x stream to 4.18.3. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct inventory scan to identify all systems running Apache Camel 4.0.0-4.14.7, 4.15.0-4.18.2, or 4.19.0-4.20.x. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Camel

View all
CVE-2025-27636 MEDIUM POC
5.6 Mar 09

Bypass/Injection vulnerability in Apache Camel components under particular conditions.10.0 through <= 4.10.1, from 4.8.0

CVE-2014-0002 HIGH POC
7.5 Mar 21

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary file

CVE-2016-8749 CRITICAL POC
9.8 Mar 28

Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks. Rated cri

CVE-2014-0003 HIGH POC
7.5 Mar 21

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remo

CVE-2026-23552 CRITICAL POC
9.1 Feb 23

Cross-realm token acceptance bypass in Apache Camel Keycloak security policy. The KeycloakSecurityPolicy fails to proper

CVE-2026-25747 HIGH POC
8.8 Feb 23

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSeria

CVE-2026-40473 HIGH POC
8.8 Apr 27

The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInp

CVE-2019-0194 HIGH POC
7.5 Apr 30

Apache Camel's File is vulnerable to directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely

CVE-2017-12634 CRITICAL
9.8 Nov 15

The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-se

CVE-2015-5344 CRITICAL
9.8 Feb 03

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arb

CVE-2017-12633 CRITICAL
9.8 Nov 15

The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-s

CVE-2013-4330 MEDIUM
6.8 Oct 04

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arb

Share

EUVD-2026-41840 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy