Severity: important Affected versions:
- Apache Camel K (apache/camel-k) 2.0.0 before 2.8.1 - Apache Camel K (apache/camel-k) 2.9.0 before 2.9.2 - Apache Camel K (apache/camel-k) 2.10.0 before 2.10.1 Description: (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace. This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue. Credit: @j311yl0v3u ([email protected]) (finder) @b0b0haha ([email protected]) (finder) References: https://camel.apache.org/ https://www.cve.org/CVERecord?id=CVE-2026-45760
