Camel
This hub aggregates every CVE we track for Camel, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 41
- Critical: 15
- High: 16
- In CISA KEV: 0
Severity distribution
HIGH 16, CRITICAL 15, MEDIUM 8, LOW 2
Monthly trend
Monthly values, 2024-07 to 2026-06, in order: 0, 0, 0, 0, 0, 0, 0, 0, 2, 1, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 0, 9, 1, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Camel.
- CVE-2026-47323: Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering (9.8)
- CVE-2026-27172: Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store (8.8)
- CVE-2026-33453: Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution (10.0)
- CVE-2026-33454: Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant) (9.4)
- CVE-2026-40022: Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime (8.2)
- CVE-2026-40858: Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository (8.8)
- CVE-2026-40453: Apache Camel JMS, Apache Camel CoAP, Apache Camel Google PubSub: Incomplete fix for CVE-2025-27636 in non-HTTP HeaderFilterStrategies (camel-jms, camel-sjms, camel-coap, camel-google-pubsub) allows case-variant header injection (9.9)
- CVE-2026-40860: Apache Camel: Unsafe Deserialization of JMS ObjectMessage in camel-jms, camel-sjms, camel-sjms2 and camel-amqp (9.8)
- CVE-2026-40048: Apache Camel PQC: Unsafe Deserialization from FileBasedKeyLifecycleManager (7.8)
- CVE-2026-40473: Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP (8.8)
- CVE-2026-25747: Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB (8.8)
- CVE-2026-23552: Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy (9.1)
- CVE-2025-66169: Apache Camel Neo4j: Cypher injection vulnerability in Camel-Neo4j component (5.3)
- CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering (6.5)
- CVE-2025-29891: Apache Camel: Camel Message Header Injection through request parameters (4.8)
Product normalization is registry-driven with AI assist and human review.