Apache camel

This hub aggregates every CVE we track for Apache camel, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

DevTools & CIon-premdev tool

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

CRITICAL11HIGH6MEDIUM4LOW1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Apache camel.

CVE-2026-47323Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering9.8May 19, 2026
CVE-2026-27172Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store8.8Apr 27, 2026
CVE-2026-33453Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution10.0Apr 27, 2026
CVE-2026-33454Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)9.4Apr 27, 2026
CVE-2026-40858Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository8.8Apr 27, 2026
CVE-2026-40860Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp9.8Apr 27, 2026
CVE-2026-23552Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy9.1Feb 23, 2026
CVE-2025-30177Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering6.5Apr 1, 2025
CVE-2025-29891Apache Camel: Camel Message Header Injection through request parameters4.8Mar 12, 2025
CVE-2025-27636Apache Camel: Camel Message Header Injection via Improper Filtering5.6Mar 9, 2025
CVE-2024-22371Apache Camel issue on ExchangeCreatedEvent2.9Feb 26, 2024
CVE-2024-23114Apache Camel: Camel-CassandraQL: Unsafe Deserialization from CassandraAggregationRepository9.8Feb 20, 2024
CVE-2024-22369Apache Camel: Camel-SQL: Unsafe Deserialization from JDBCAggregationRepository7.8Feb 20, 2024
CVE-2019-0188Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson compon...7.5May 28, 2019
CVE-2019-0194Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.7.5Apr 30, 2019

Product normalization is registry-driven with AI assist and human review. How it works