Copyright © 2012 Red Hat, Inc. All rights reserved. Critical 2026-04-27T08:23:20 Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CWE-178

A flaw was found in Apache Camel. A remote attacker with Java Message Service (JMS) producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows for the injection of malicious headers. Consequently, this could lead to remote code execution and arbitrary file write on affected Camel routes.

This Critical flaw in Apache Camel allows remote code execution and arbitrary file write. An attacker with Java Message Service (JMS) producer access can exploit a discrepancy in header processing, where case-variant internal headers are filtered case-sensitively but processed case-insensitively. This enables the injection of malicious headers into Camel routes that forward JMS messages to header-driven components, posing a significant risk to affected Red Hat products. The critical severity is tied to the low complexity and low privileges required by the attack to exploit this vulnerability, this flaw also differs from the CVE-2025-27636 in the fact that an attacker may leverage this flaw to execute code that are beyond the methods already in the classpath meaning the impact for Integrity, Availability and Confidentiality is higher for this CVE and the impact scope may go beyond of only Apache Camel component but can impact the whole server hosting it. This flaw may be mitigated by temporarily disabling routes that allows arbitrary writes and executions (camel-exec and camel-file) OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-ddb-streams-source-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-s3-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-s3-source-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-sns-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-sqs-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-aws-sqs-source-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-log-sink-rhel9 OpenShift Serverless Under investigation openshift-serverless-1/kn-eventing-integrations-timer-source-rhel9 Red Hat build of Apache Camel 4 for Quarkus 3 Affected camel-google-pubsub Red Hat build of Apache Camel 4 for Quarkus 3 Not affected camel-http Red Hat build of Apache Camel 4 for Quarkus 3 Not affected camel-http-base Red Hat build of Apache Camel 4 for Quarkus 3 Not affected camel-http-common Red Hat build of Apache Camel 4 for Quarkus 3 Affected camel-jms Red Hat build of Apache Camel for Spring Boot 4 Affected camel-google-pubsub Red Hat build of Apache Camel for Spring Boot 4 Affected camel-http Red Hat build of Apache Camel for Spring Boot 4 Affected camel-http-base Red Hat build of Apache Camel for Spring Boot 4 Affected camel-http-common Red Hat build of Apache Camel for Spring Boot 4 Affected camel-http-starter Red Hat build of Apache Camel for Spring Boot 4 Affected camel-jms Red Hat Fuse 7 Not affected camel-google-pubsub Red Hat Fuse 7 Not affected camel-http Red Hat Fuse 7 Not affected camel-http4 Red Hat Fuse 7 Not affected camel-http4-starter Red Hat Fuse 7 Not affected camel-http-base Red Hat Fuse 7 Not affected camel-http-common Red Hat Fuse 7 Not affected camel-http-common-starter Red Hat Fuse 7 Not affected camel-http-starter Red Hat Fuse 7 Not affected camel-jms Red Hat JBoss Enterprise Application Platform 8 Not affected camel-google-pubsub Red Hat JBoss Enterprise Application Platform 8 Not affected camel-http Red Hat JBoss Enterprise Application Platform 8 Not affected camel-http-base Red Hat JBoss Enterprise Application Platform 8 Not affected camel-http-common Red Hat JBoss Enterprise Application Platform 8 Not affected camel-jms Red Hat JBoss Enterprise Application Platform Expansion Pack Not affected camel-google-pubsub Red Hat JBoss Enterprise Application Platform Expansion Pack Not affected camel-http Red Hat JBoss Enterprise Application Platform Expansion Pack Not affected camel-http-base Red Hat JBoss Enterprise Application Platform Expansion Pack Not affected camel-http-common Red Hat JBoss Enterprise Application Platform Expansion Pack Not affected camel-jms Red Hat Process Automation 7 Not affected camel-http-common Red Hat Single Sign-On 7 Affected camel-http-common https://www.cve.org/CVERecord?id=CVE-2026-40453 https://nvd.nist.gov/vuln/detail/CVE-2026-40453 https://camel.apache.org/security/CVE-2026-40453.html