Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.8%top 48%

CVE-2026-40047: CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in Apache Software Foundation Apache Camel

0
Critical
VulnerabilityCVE-2026-40047cvecve-2026-40047cwe-88
Published: 07/06/2026 (07/06/2026, 07:46:57 UTC)
Source: CVE Database V5
Vendor/Project: Apache Software Foundation
Product: Apache Camel

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool by assembling an argument list in DoclingProducer and executing it through java.lang.ProcessBuilder. Custom CLI arguments supplied through the `CamelDoclingCustomArguments` exchange header (a List<String>) were appended to that argument list with insufficient validation: the original implementation relied on a denylist of disallowed flags and only rejected path values that contained a literal `../` sequence. As a result, a Camel route that forwards externally-influenced data into the `CamelDoclingCustomArguments` header (or into the path-bearing headers used to build the invocation) could cause the producer to pass unrecognized or unintended `docling` CLI flags to the subprocess, and could supply path-like argument values that resolved outside the intended directory through traversal sequences not caught by the literal `../` check. Because Camel itself builds the `docling` invocation from these values, the component is responsible for constraining them, and the weak validation allowed CLI-argument injection and directory traversal in the arguments passed to the external tool. The invocation uses the list-based form of ProcessBuilder, so a shell does not interpret the argument values; OS command injection through shell metacharacters was not possible, and the metacharacter rejection added by the fix is defense-in-depth. This issue affects Apache Camel: from 4.15.0 before 4.18.3. Users are recommended to upgrade to a release that contains the CAMEL-23212 fix. On the mainline the fix is included from Apache Camel 4.19.0 (and later releases such as 4.20.0). For users on the 4.18.x LTS releases stream, upgrade to 4.18.3. The fix replaces the denylist with a strict allowlist of recognized `docling` CLI flags (rejecting any unrecognized flag, and rejecting producer-managed flags such as the output-directory flags), defensively rejects shell metacharacters in argument values, and normalizes path-like values with Path.normalize() before validating them so that traversal sequences which bypass a literal `../` check are detected. As defence in depth, route authors should avoid mapping untrusted message content into the `CamelDoclingCustomArguments` header and the path-bearing headers, and should strip Camel-internal headers from messages that arrive from untrusted producers.

CVSS v3.1

Score 9.1critical

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected software

Apache Software Foundation/org.apache.camel:camel-docling
pkg:maven/Apache Software Foundation/org.apache.camel:camel-docling
Affected versions
>=4.15.0 <4.18.3

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/06/2026, 09:22:32 UTC

Technical Analysis

The vulnerability in Apache Camel's DoclingProducer arises from improper neutralization of argument delimiters (CWE-88) when assembling command-line arguments for the external docling tool. The component previously relied on a denylist and a simplistic check for '../' sequences to validate arguments, which was insufficient to prevent injection of unrecognized CLI flags and directory traversal via path-like arguments. Because the invocation uses ProcessBuilder's argument list form, shell command injection is not possible, but argument injection and directory traversal remain risks. The fix, included from version 4.18.3 and mainline 4.19.0 onward, implements a strict allowlist of recognized flags, rejects shell metacharacters defensively, and normalizes paths to detect traversal sequences. Route authors are also advised to avoid passing untrusted data into the vulnerable headers.

Potential Impact

An attacker able to influence the CamelDoclingCustomArguments header or path-bearing headers in Apache Camel routes could cause the DoclingProducer to pass unintended CLI flags or directory traversal paths to the external docling tool. This may lead to unexpected behavior or processing of files outside intended directories. However, OS command injection via shell metacharacters is not possible due to the use of ProcessBuilder's argument list form. No known exploits in the wild have been reported.

Mitigation Recommendations

A fix is available and included in Apache Camel version 4.18.3 and later (including mainline 4.19.0 and 4.20.0). Users should upgrade to these versions to address the vulnerability. The fix replaces the denylist with a strict allowlist of recognized docling CLI flags, rejects shell metacharacters in arguments, and normalizes paths to detect traversal sequences. Additionally, route authors should avoid mapping untrusted message content into the CamelDoclingCustomArguments header and related path-bearing headers, and strip Camel-internal headers from messages originating from untrusted sources as defense in depth.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
apache
Date Reserved
2026-04-08T16:19:46.829Z
Cvss Version
null
State
PUBLISHED
Remediation Level
null

Threat ID: 6a4b6caa27e9c797192521b0

Added to database: 07/06/2026, 08:51:54 UTC

Last enriched: 07/06/2026, 09:22:32 UTC

Last updated: 07/07/2026, 00:16:47 UTC

Views: 6

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses