CVE-2026-47323: CWE-178 Improper Handling of Case Sensitivity in Apache Software Foundation Apache Camel
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-internal headers via setOutFilterStartsWith, while not configuring inbound filtering via setInFilterStartsWith. As a result, an unauthenticated attacker can inject Camel-internal headers (e.g. CamelExecCommandExecutable, CamelFileName) via HTTP requests to CXF-RS or CXF-SOAP endpoints. When a route forwards messages from these endpoints to header-driven components such as camel-exec or camel-file, the injected headers override configured values, enabling remote code execution or arbitrary file writes. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177), the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891), and non-HTTP strategies (CVE-2026-40453). This issue affects Apache Camel: from 3.18.0 before 4.14.6, from 4.15.0 before 4.18.2. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.2. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6.
AI Analysis
Technical Summary
The vulnerability (CVE-2026-47323) in Apache Camel affects the CXF and Knative HeaderFilterStrategy implementations, which only filter outbound Camel-internal headers but do not filter inbound headers. This allows an unauthenticated attacker to inject Camel-internal headers such as CamelExecCommandExecutable or CamelFileName via HTTP requests to CXF-RS or CXF-SOAP endpoints. When these messages are forwarded to header-driven components like camel-exec or camel-file, the injected headers can override intended configurations, enabling remote code execution or arbitrary file writes. This vulnerability affects Apache Camel versions from 3.18.0 before 4.14.6 and from 4.15.0 before 4.18.2. The issue is addressed by upgrading to versions 4.14.6, 4.18.2, or 4.19.0.
Potential Impact
An unauthenticated attacker can inject internal headers into HTTP requests, which may override configuration values in components that rely on these headers. This can lead to remote code execution or arbitrary file writes, posing a significant security risk to affected systems running vulnerable Apache Camel versions.
Mitigation Recommendations
Users should upgrade Apache Camel to version 4.19.0. For those on the 4.18.x LTS stream, upgrade to 4.18.2 is recommended. For users on the 4.14.x LTS stream, upgrading to 4.14.6 addresses the vulnerability. Patch status is confirmed by the vendor advisory recommending these upgrades. No alternative mitigations are indicated.
CVE-2026-47323: CWE-178 Improper Handling of Case Sensitivity in Apache Software Foundation Apache Camel
Description
Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter outbound Camel-internal headers via setOutFilterStartsWith, while not configuring inbound filtering via setInFilterStartsWith. As a result, an unauthenticated attacker can inject Camel-internal headers (e.g. CamelExecCommandExecutable, CamelFileName) via HTTP requests to CXF-RS or CXF-SOAP endpoints. When a route forwards messages from these endpoints to header-driven components such as camel-exec or camel-file, the injected headers override configured values, enabling remote code execution or arbitrary file writes. This is the same pattern that was previously addressed in camel-undertow (CVE-2025-30177), the broader incoming-header filter (CVE-2025-27636 and CVE-2025-29891), and non-HTTP strategies (CVE-2026-40453). This issue affects Apache Camel: from 3.18.0 before 4.14.6, from 4.15.0 before 4.18.2. Users are recommended to upgrade to version 4.19.0, which fixes the issue. If users are on the 4.18.x LTS releases stream, then they are suggested to upgrade to 4.18.2. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability (CVE-2026-47323) in Apache Camel affects the CXF and Knative HeaderFilterStrategy implementations, which only filter outbound Camel-internal headers but do not filter inbound headers. This allows an unauthenticated attacker to inject Camel-internal headers such as CamelExecCommandExecutable or CamelFileName via HTTP requests to CXF-RS or CXF-SOAP endpoints. When these messages are forwarded to header-driven components like camel-exec or camel-file, the injected headers can override intended configurations, enabling remote code execution or arbitrary file writes. This vulnerability affects Apache Camel versions from 3.18.0 before 4.14.6 and from 4.15.0 before 4.18.2. The issue is addressed by upgrading to versions 4.14.6, 4.18.2, or 4.19.0.
Potential Impact
An unauthenticated attacker can inject internal headers into HTTP requests, which may override configuration values in components that rely on these headers. This can lead to remote code execution or arbitrary file writes, posing a significant security risk to affected systems running vulnerable Apache Camel versions.
Mitigation Recommendations
Users should upgrade Apache Camel to version 4.19.0. For those on the 4.18.x LTS stream, upgrade to 4.18.2 is recommended. For users on the 4.14.x LTS stream, upgrading to 4.14.6 addresses the vulnerability. Patch status is confirmed by the vendor advisory recommending these upgrades. No alternative mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2026-05-19T08:52:58.990Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0c6779ec166c07b0a99370
Added to database: 5/19/2026, 1:36:57 PM
Last enriched: 5/19/2026, 2:08:08 PM
Last updated: 5/20/2026, 6:52:12 PM
Views: 19
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.