Severity: important Affected versions:
- Apache Camel (org.apache.camel:camel-keycloak) 4.15.0 before 4.18.0 Description: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. This issue affects Apache Camel: from 4.15.0 before 4.18.0. Users are recommended to upgrade to version 4.18.0, which fixes the issue. This issue is being tracked as CAMEL-22854 Credit: Andrea Cosentino (finder) Andrea Cosentino (remediation developer) References: https://camel.apache.org/security/CVE-2026-23552.html https://github.com/oscerd/CVE-2026-23552 https://camel.apache.org/ https://www.cve.org/CVERecord?id=CVE-2026-23552 https://issues.apache.org/jira/browse/CAMEL-22854
