CVE-2026-46456: CWE-20 Improper Input Validation in Apache Software Foundation Apache Camel
Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter (setOutFilterPattern, which blocks Camel*, breadcrumbId and org.apache.camel.* headers being written to the broker) but did not configure an inbound filter. As a result, when Sqs2Consumer copies each SQS MessageAttribute into the Exchange via HeaderFilterStrategy.applyFilterToExternalHeaders, DefaultHeaderFilterStrategy applied no inbound rule and treated every header name as not filtered - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelSqlQuery - copying them unmodified onto the Camel message. Any principal able to send messages to the consumed SQS queue (for example a cross-account sender or a lower-privileged in-account component holding sqs:SendMessage) could therefore set arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a query); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix adds an inbound HeaderFilterStrategy rule to Sqs2HeaderFilterStrategy that filters the Camel header namespace case-insensitively on inbound mapping, so sender-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound messages before they reach any downstream producer (for example removeHeaders('Camel*') and removeHeaders('camel*') at the start of the route), and restrict who may send to the consumed SQS queue by applying least-privilege sqs:SendMessage permissions on the queue resource policy.
AI Analysis
Technical Summary
The Apache Camel AWS2-SQS component improperly validates inbound message attributes by not filtering Camel internal control headers during inbound mapping. Specifically, the Sqs2HeaderFilterStrategy only configured outbound filtering but lacked inbound filtering, causing DefaultHeaderFilterStrategy to allow all headers, including Camel internal headers like CamelHttpUri, CamelFileName, and CamelSqlQuery, to be copied unmodified into the Camel Exchange. This enables any principal with sqs:SendMessage permission on the consumed SQS queue to inject headers that can alter downstream route behavior, such as redirecting HTTP producers or changing file names. The vulnerability affects Apache Camel versions from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, and from 4.19.0 before 4.21.0. The issue is fixed by adding inbound header filtering that blocks Camel header namespaces case-insensitively. Users are advised to upgrade to 4.21.0 or the appropriate LTS patch versions 4.14.8 or 4.18.3. For those unable to upgrade immediately, removing Camel headers at the start of the route and restricting SQS send permissions are recommended mitigations.
Potential Impact
An attacker able to send messages to the affected SQS queue can inject arbitrary Camel internal control headers into the message exchange. This can influence the behavior of downstream producers in the route, potentially redirecting HTTP requests, modifying file names, or overriding SQL queries. The exact impact depends on the route configuration and which producers are used. This could lead to unauthorized actions or data manipulation within the application processing the messages.
Mitigation Recommendations
A fix is available in Apache Camel versions 4.14.8, 4.18.3, and 4.21.0, which add inbound header filtering to block Camel internal headers. Users should upgrade to these versions to remediate the vulnerability. For deployments unable to upgrade immediately, it is recommended to strip Camel control headers from inbound messages at the start of the route (e.g., using removeHeaders('Camel*') and removeHeaders('camel*')) and to restrict sqs:SendMessage permissions on the SQS queue to only trusted principals following the least-privilege principle.
CVE-2026-46456: CWE-20 Improper Input Validation in Apache Software Foundation Apache Camel
Description
Improper Input Validation vulnerability in Apache Camel AWS2-SQS Component. The camel-aws2-sqs component map inbound message attributes into the Camel Exchange through a component-specific HeaderFilterStrategy. Sqs2HeaderFilterStrategy configured only an outbound filter (setOutFilterPattern, which blocks Camel*, breadcrumbId and org.apache.camel.* headers being written to the broker) but did not configure an inbound filter. As a result, when Sqs2Consumer copies each SQS MessageAttribute into the Exchange via HeaderFilterStrategy.applyFilterToExternalHeaders, DefaultHeaderFilterStrategy applied no inbound rule and treated every header name as not filtered - including Camel-internal control headers such as CamelHttpUri, CamelFileName or CamelSqlQuery - copying them unmodified onto the Camel message. Any principal able to send messages to the consumed SQS queue (for example a cross-account sender or a lower-privileged in-account component holding sqs:SendMessage) could therefore set arbitrary Camel control headers that influence the behaviour of downstream producers in the route (for example redirecting an HTTP producer, changing a file name, or overriding a query); the injected headers also persist across internal direct, seda and vm hops. The concrete downstream impact depends on which producers the route uses. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix adds an inbound HeaderFilterStrategy rule to Sqs2HeaderFilterStrategy that filters the Camel header namespace case-insensitively on inbound mapping, so sender-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from inbound messages before they reach any downstream producer (for example removeHeaders('Camel*') and removeHeaders('camel*') at the start of the route), and restrict who may send to the consumed SQS queue by applying least-privilege sqs:SendMessage permissions on the queue resource policy.
CVSS v3.1
Score 9.8critical
Affected software
pkg:maven/Apache Software Foundation/org.apache.camel:camel-aws2-sqsRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Apache Camel AWS2-SQS component improperly validates inbound message attributes by not filtering Camel internal control headers during inbound mapping. Specifically, the Sqs2HeaderFilterStrategy only configured outbound filtering but lacked inbound filtering, causing DefaultHeaderFilterStrategy to allow all headers, including Camel internal headers like CamelHttpUri, CamelFileName, and CamelSqlQuery, to be copied unmodified into the Camel Exchange. This enables any principal with sqs:SendMessage permission on the consumed SQS queue to inject headers that can alter downstream route behavior, such as redirecting HTTP producers or changing file names. The vulnerability affects Apache Camel versions from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, and from 4.19.0 before 4.21.0. The issue is fixed by adding inbound header filtering that blocks Camel header namespaces case-insensitively. Users are advised to upgrade to 4.21.0 or the appropriate LTS patch versions 4.14.8 or 4.18.3. For those unable to upgrade immediately, removing Camel headers at the start of the route and restricting SQS send permissions are recommended mitigations.
Potential Impact
An attacker able to send messages to the affected SQS queue can inject arbitrary Camel internal control headers into the message exchange. This can influence the behavior of downstream producers in the route, potentially redirecting HTTP requests, modifying file names, or overriding SQL queries. The exact impact depends on the route configuration and which producers are used. This could lead to unauthorized actions or data manipulation within the application processing the messages.
Mitigation Recommendations
A fix is available in Apache Camel versions 4.14.8, 4.18.3, and 4.21.0, which add inbound header filtering to block Camel internal headers. Users should upgrade to these versions to remediate the vulnerability. For deployments unable to upgrade immediately, it is recommended to strip Camel control headers from inbound messages at the start of the route (e.g., using removeHeaders('Camel*') and removeHeaders('camel*')) and to restrict sqs:SendMessage permissions on the SQS queue to only trusted principals following the least-privilege principle.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2026-05-14T08:59:11.779Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 6a4b6cac27e9c7971925229e
Added to database: 07/06/2026, 08:51:56 UTC
Last enriched: 07/06/2026, 09:09:28 UTC
Last updated: 07/06/2026, 23:07:56 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.