This is an automated email from the ASF dual-hosted git repository.

oscerd pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-website.git


The following commit(s) were added to refs/heads/main by this push:
     new 762f1674 Added CVE-2026-47323 (#1599)
762f1674 is described below

commit 762f1674b77bbab5b686cab3bf9acb6fb9efeb6a
Author: Andrea Cosentino <[email protected]>
AuthorDate: Tue May 19 12:54:03 2026 +0200

    Added CVE-2026-47323 (#1599)
    
    Signed-off-by: Andrea Cosentino <[email protected]>
---
 content/security/CVE-2026-47323.md      | 17 +++++++++++++++++
 content/security/CVE-2026-47323.txt.asc | 31 +++++++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/content/security/CVE-2026-47323.md 
b/content/security/CVE-2026-47323.md
new file mode 100644
index 00000000..e7f73be7
--- /dev/null
+++ b/content/security/CVE-2026-47323.md
@@ -0,0 +1,17 @@
+---
+title: "Apache Camel Security Advisory - CVE-2026-47323"
+date: 2026-05-18T09:00:00+02:00
+url: /security/CVE-2026-47323.html
+draft: false
+type: security-advisory
+cve: CVE-2026-47323
+severity: MEDIUM
+summary: "Camel-CXF and Camel-Knative Message Header Injection via Missing 
Inbound Filtering"
+description: "The CXF and Knative HeaderFilterStrategy implementations 
(CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in 
camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) 
only filter outbound Camel-internal headers via setOutFilterStartsWith, while 
not configuring inbound filtering via setInFilterStartsWith. As a result, an 
unauthenticated attacker can inject Camel-internal headers (e.g. 
CamelExecCommandExecutable, CamelFileName) via H [...]
+mitigation: "Users are recommended to upgrade to version 4.19.0, which fixes 
the issue. If users are on the 4.18.x LTS releases stream, then they are 
suggested to upgrade to 4.18.2. If users are on the 4.14.x LTS releases stream, 
then they are suggested to upgrade to 4.14.6."
+credit: "This issue was discovered by Quac Tran"
+affected: from 3.18.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 
before 4.19.0
+fixed: 4.14.6, 4.18.2 and 4.19.0
+---
+
+This CVE is related to CVE-2025-27636, CVE-2025-29891, CVE-2025-30177, and 
CVE-2026-40453.
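Review bot: The `affected` field declares the range "from 4.19.0 before 4.19.0", which is empty, and it contradicts the `mitigation` text two lines above, which names 4.19.0 as the fixed release; either drop that third range or correct its lower bound so the front matter states one consistent set of affected versions. Also note that the `description` value as shown here ends in "via H [...]", so the full sentence naming the injection vector could not be reviewed from this hunk; please confirm the committed file carries the complete description rather than a truncated one, since the advisory page renders this field verbatim.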
diff --git a/content/security/CVE-2026-47323.txt.asc 
b/content/security/CVE-2026-47323.txt.asc
new file mode 100644
index 00000000..34e022f4
--- /dev/null
+++ b/content/security/CVE-2026-47323.txt.asc
@@ -0,0 +1,31 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+- ---
+title: "Apache Camel Security Advisory - CVE-2026-47323"
+date: 2026-05-18T09:00:00+02:00
+url: /security/CVE-2026-47323.html
+draft: false
+type: security-advisory
+cve: CVE-2026-47323
+severity: MEDIUM
+summary: "Camel-CXF and Camel-Knative Message Header Injection via Missing 
Inbound Filtering"
+description: "The CXF and Knative HeaderFilterStrategy implementations 
(CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in 
camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) 
only filter outbound Camel-internal headers via setOutFilterStartsWith, while 
not configuring inbound filtering via setInFilterStartsWith. As a result, an 
unauthenticated attacker can inject Camel-internal headers (e.g. 
CamelExecCommandExecutable, CamelFileName) via H [...]
+mitigation: "Users are recommended to upgrade to version 4.19.0, which fixes 
the issue. If users are on the 4.18.x LTS releases stream, then they are 
suggested to upgrade to 4.18.2. If users are on the 4.14.x LTS releases stream, 
then they are suggested to upgrade to 4.14.6."
+credit: "This issue was discovered by Quac Tran"
+affected: from 3.18.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 
before 4.19.0
+fixed: 4.14.6, 4.18.2 and 4.19.0
+- ---
+
+This CVE is related to CVE-2025-27636, CVE-2025-29891, CVE-2025-30177, and 
CVE-2026-40453.
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCgAdFiEEJ2Y0ButtuvUpHyYV406fOAL/QQAFAmoMK5gACgkQ406fOAL/
+QQDj/AgAhITvNOl8dOg/h1h2pMiGWlCZTWm91xJN8sPke4UeH2eQMz8Ihp60uw9S
+c57BrnJS4sSGqk05MHg42qE1Lcsbt9aLswUSbha7d1LmjsKNy196F9lFaYYgdYFS
+rIB/tXhMje+4foo87Y7FQc7E8mcUewb5spNIDIXpHBH8QDG3XJ37hnCwIVxCGSyt
+WO6fDTi0b5keBw/dZPiUzFbMXpK15/KdpGL/HDityqvylIVB6RYZKwi7AuunPXgn
+GiURkNjJK0H9jwC68N3KzVjMlJlrOquc3CpYSpNypIkda+0xzMrZ36Fm6LM5G2av
+WMEAeOuZoXzhWGmSawlXm8YyO6++jg==
+=tRFR
+-----END PGP SIGNATURE-----
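Review bot: The clearsigned copy reproduces the same front matter as the `.md`, including the empty "from 4.19.0 before 4.19.0" range in `affected`, so any correction made to `CVE-2026-47323.md` must also be applied here and the file re-signed, because the PGP signature covers the body exactly as written and a hand edit would invalidate it. The dash-escaped `- ---` lines are the expected clearsign form of the `---` front-matter fences, so no change is needed there.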
