CVE-2026-40453: CWE-178 Improper Handling of Case Sensitivity in Apache Software Foundation Apache Camel JMS
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.
AI Analysis
Technical Summary
The vulnerability arises because the fix for a previous issue (CVE-2025-27636) applied case-insensitive filtering (setLowerCase(true)) only to HTTP HeaderFilterStrategy implementations, but not to five other non-HTTP HeaderFilterStrategy classes including JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy. These non-HTTP strategies use case-sensitive prefix checks ('Camel'/'camel') on headers, while the Camel Exchange stores headers case-insensitively. This mismatch allows an attacker with JMS producer access to inject headers with variant casing that bypass filtering, which are then normalized and interpreted by downstream components such as camel-exec and camel-file. This can lead to remote code execution and arbitrary file writes on affected routes. The vulnerability affects Apache Camel versions 3.0.0 up to but not including 4.14.6, 4.15.0 up to but not including 4.18.2, and 4.19.0 up to but not including 4.20.0. The recommended remediation is to upgrade to Apache Camel 4.20.0 or the appropriate fixed LTS versions 4.14.6 or 4.18.2.
Potential Impact
An attacker with JMS producer access to the message broker can exploit this vulnerability to inject specially crafted headers that bypass filtering due to case sensitivity issues. This can result in remote code execution and arbitrary file writes on routes that forward JMS messages to header-driven components such as camel-exec and camel-file. This poses a significant risk to the confidentiality, integrity, and availability of affected systems running vulnerable versions of Apache Camel JMS.
Mitigation Recommendations
Users should upgrade to Apache Camel version 4.20.0, which includes the fix for this vulnerability. For those using the 4.14.x LTS release stream, upgrading to 4.14.6 is recommended. For users on the 4.18.x release stream, upgrading to 4.18.2 is advised. Patch status is confirmed by the vendor advisory recommending these versions. No alternative mitigations or temporary fixes are indicated.
CVE-2026-40453: CWE-178 Improper Handling of Case Sensitivity in Apache Software Foundation Apache Camel JMS
Description
The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components. This issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0. Users are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability arises because the fix for a previous issue (CVE-2025-27636) applied case-insensitive filtering (setLowerCase(true)) only to HTTP HeaderFilterStrategy implementations, but not to five other non-HTTP HeaderFilterStrategy classes including JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy. These non-HTTP strategies use case-sensitive prefix checks ('Camel'/'camel') on headers, while the Camel Exchange stores headers case-insensitively. This mismatch allows an attacker with JMS producer access to inject headers with variant casing that bypass filtering, which are then normalized and interpreted by downstream components such as camel-exec and camel-file. This can lead to remote code execution and arbitrary file writes on affected routes. The vulnerability affects Apache Camel versions 3.0.0 up to but not including 4.14.6, 4.15.0 up to but not including 4.18.2, and 4.19.0 up to but not including 4.20.0. The recommended remediation is to upgrade to Apache Camel 4.20.0 or the appropriate fixed LTS versions 4.14.6 or 4.18.2.
Potential Impact
An attacker with JMS producer access to the message broker can exploit this vulnerability to inject specially crafted headers that bypass filtering due to case sensitivity issues. This can result in remote code execution and arbitrary file writes on routes that forward JMS messages to header-driven components such as camel-exec and camel-file. This poses a significant risk to the confidentiality, integrity, and availability of affected systems running vulnerable versions of Apache Camel JMS.
Mitigation Recommendations
Users should upgrade to Apache Camel version 4.20.0, which includes the fix for this vulnerability. For those using the 4.14.x LTS release stream, upgrading to 4.14.6 is recommended. For users on the 4.18.x release stream, upgrading to 4.18.2 is advised. Patch status is confirmed by the vendor advisory recommending these versions. No alternative mitigations or temporary fixes are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2026-04-13T08:27:50.386Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ef291bba26a39fba10e17d
Added to database: 4/27/2026, 9:15:07 AM
Last enriched: 4/27/2026, 9:31:33 AM
Last updated: 4/28/2026, 1:47:42 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.