CVE-2026-47323CRITICAL 9.8EPSS p57.8%
CVE-2026-47323CVE-2026-47323
apache / camel
Description
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering
The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-internal headers via setOutFilterStartsWith, while not configuring inbound filtering via setInFilterStartsWith. As a result, an unauthenticated attacker can inject Camel-internal headers (e.g. CamelExecCommandExecutable, CamelFileName) via HTTP requests to CXF-RS or CXF-SOAP endpoints. When a route forwards messages from these endpoints to header-driven components such as camel-exec or camel-file, the injected headers override configured values, enabling remote code execution or arbitrary file writes. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177), the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891), and non-H
Scoring
| CVSS 3.1 | 9.8 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS | 0.98% probability of exploitation · percentile 57.8% · 2026-06-19T12:03:05Z |
| Published | 2026-05-19 |
| Last modified | 2026-06-04 |
Underlying weaknesses· 1
References
1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Handling of Case Sensitivitycwe-178 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.