Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 0.2%top 95%

CVE-2026-48205: CWE-20 Improper Input Validation in Apache Software Foundation Apache Camel DNS

0
Critical
VulnerabilityCVE-2026-48205cvecve-2026-48205cwe-20cwe-918
Published: 07/06/2026 (07/06/2026, 08:08:19 UTC)
Source: CVE Database V5
Vendor/Project: Apache Software Foundation
Product: Apache Camel DNS

Description

Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel DNS component. The camel-dns producers read DNS operation parameters - the resolver to query, the name or domain to look up, the record type and class, and the search term - from Exchange message headers whose constant values (DnsConstants.DNS_SERVER, DNS_NAME, DNS_DOMAIN, DNS_TYPE, DNS_CLASS, TERM) were the plain strings dns.server, dns.name, dns.domain, dns.type, dns.class and term. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a dns: producer, any HTTP client could therefore set the dns.server header to make the dig producer build a SimpleResolver pointing at an attacker-controlled DNS server - a server-side request forgery via DNS, through which the attacker observes the queried name and can return poisoned responses - and set the dns.name / dns.domain headers to resolve arbitrary internal hostnames, disclosing whether they exist (internal network reconnaissance). No credentials are required when the bridging consumer is unauthenticated. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that drive DNS operations via the raw header names must use CamelDnsServer / CamelDnsName / CamelDnsDomain / CamelDnsType / CamelDnsClass / CamelDnsTerm instead of the dns.* / term names. For deployments that cannot upgrade immediately, strip the dns.* and term headers from any untrusted ingress before the dns: producer, and set the DNS server and lookup parameters from a trusted source in the route.

CVSS v3.1

Score 9.1critical

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected software

Apache Software Foundation/org.apache.camel:camel-dns
pkg:maven/Apache Software Foundation/org.apache.camel:camel-dns
Affected versions
>=4.0.0 <4.14.8>=4.15.0 <4.18.3>=4.19.0 <4.21.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/06/2026, 09:07:57 UTC

Technical Analysis

The Apache Camel DNS component improperly validates input by allowing DNS operation parameters to be set via HTTP headers that are not filtered by the HttpHeaderFilterStrategy. This enables an attacker to control the DNS resolver used by the dig producer, causing server-side request forgery through DNS. Attackers can observe queried names, receive poisoned DNS responses, and perform internal hostname reconnaissance without authentication if the route bridges an HTTP consumer to a dns: producer. The vulnerability affects multiple version streams of Apache Camel DNS and is fixed in versions 4.14.8, 4.18.3, and 4.21.0. Mitigation involves upgrading to these versions or filtering out the vulnerable headers from untrusted sources.

Potential Impact

An attacker can exploit this vulnerability to perform server-side request forgery via DNS, allowing them to direct DNS queries to attacker-controlled servers, observe internal DNS queries, receive malicious DNS responses, and discover internal hostnames. This can lead to internal network reconnaissance and potential DNS poisoning attacks. No authentication is required if the HTTP consumer is unauthenticated, increasing the risk in exposed deployments.

Mitigation Recommendations

Users should upgrade to Apache Camel DNS version 4.21.0 or later. For users on the 4.14.x LTS stream, upgrade to 4.14.8; for the 4.18.x stream, upgrade to 4.18.3. After upgrading, routes must use the Camel-prefixed header names (CamelDnsServer, CamelDnsName, CamelDnsDomain, CamelDnsType, CamelDnsClass, CamelDnsTerm) instead of the vulnerable dns.* and term headers. For deployments unable to upgrade immediately, it is recommended to strip the dns.* and term headers from any untrusted ingress before the dns: producer and set DNS parameters from trusted sources within the route.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
apache
Date Reserved
2026-05-21T09:01:03.728Z
Cvss Version
null
State
PUBLISHED
Remediation Level
null

Threat ID: 6a4b6cae27e9c79719252379

Added to database: 07/06/2026, 08:51:58 UTC

Last enriched: 07/06/2026, 09:07:57 UTC

Last updated: 07/06/2026, 23:07:55 UTC

Views: 5

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses