CVE-2026-46587 PUBLISHED

Apache Camel: Couchbase: Non-Camel-prefixed Exchange headers bypass HeaderFilterStrategy allowing operation override from untrusted input

Assigner: apache
Reserved: 15.05.2026 Published: 06.07.2026 Updated: 06.07.2026

Improper Input Validation vulnerability in Apache Camel.

This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.

Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache Camel
Versions Default: unaffected
  • affected from 0 to 4.14.7 (incl.)
  • affected from 4.15.0 to 4.18.2 (incl.)
  • affected from 4.19.0 to 4.20.0 (incl.)

Credits

  • Yu Bao - yubao@paypal.com, who works for paypal.com. reporter

References

Problem Types

  • CWE-20 Improper Input Validation CWE