Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2026-55994: CWE-20 Improper Input Validation in Apache Software Foundation Apache Camel Iggy

0
High
VulnerabilityCVE-2026-55994cvecve-2026-55994cwe-20cwe-200cwe-918
Published: 07/06/2026 (07/06/2026, 08:13:59 UTC)
Source: CVE Database V5
Vendor/Project: Apache Software Foundation
Product: Apache Camel Iggy

Description

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel in Iggy component. The camel-iggy consumer mapped the user-headers of inbound Iggy messages into the Camel Exchange header map without applying any HeaderFilterStrategy (IggyFetchRecords copied the message user-headers straight into the Exchange). Because nothing blocked the Camel header namespace, an actor able to publish to the consumed Iggy stream/topic could set Camel-internal control headers - including CamelHttpUri (Exchange.HTTP_URI) - simply by supplying them as message user-headers. In a route where the Iggy consumer feeds a downstream HTTP producer, the injected CamelHttpUri redirects the server-side HTTP request to an attacker-chosen destination (server-side request forgery - for example to an internal service or a cloud metadata endpoint). In addition, the HTTP producer resolves Camel property placeholders on the resulting (attacker-controlled) URI, so placeholders embedded in the injected value - such as an environment-variable reference, an application property, or a vault reference - are resolved to their real values and sent to the attacker, disclosing environment variables, application properties and vault secrets. This issue affects Apache Camel: from 4.17.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. The fix adds a dedicated IggyHeaderFilterStrategy (and a headerFilterStrategy endpoint option) that filters the Camel header namespace case-insensitively on inbound mapping, so externally-supplied Camel* / camel* headers are no longer copied into the Exchange. For deployments that cannot upgrade immediately, strip the Camel control headers from the inbound message before they reach any downstream producer (for example removeHeaders('Camel*') and removeHeaders('camel*') at the start of the route), restrict who can publish to the consumed Iggy stream/topic, and avoid bridging an untrusted consumer directly into an HTTP producer whose target URI can be driven from message headers.

Affected software

Apache Software Foundation/org.apache.camel:camel-iggy
pkg:maven/Apache Software Foundation/org.apache.camel:camel-iggy
Affected versions
>=4.17.0 <4.18.3>=4.19.0 <4.21.0

Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/06/2026, 09:06:50 UTC

Technical Analysis

The Apache Camel Iggy consumer component improperly maps user-supplied message headers into the Camel Exchange header map without filtering. This allows an attacker able to publish to the Iggy stream/topic to inject Camel control headers such as CamelHttpUri. When the Iggy consumer feeds a downstream HTTP producer, the injected CamelHttpUri causes the server-side HTTP request to be redirected to an attacker-controlled destination, enabling SSRF. Furthermore, the HTTP producer resolves Camel property placeholders in the attacker-controlled URI, leaking sensitive environment variables, application properties, and vault secrets. The vulnerability affects Apache Camel versions >=4.17.0 <4.18.3 and >=4.19.0 <4.21.0. The issue is fixed in versions 4.18.3 and 4.21.0 by introducing a case-insensitive header filter strategy that blocks externally supplied Camel* headers from being copied into the Exchange. For users unable to upgrade immediately, recommended mitigations include stripping Camel control headers from inbound messages, restricting publishing access to the Iggy stream/topic, and avoiding direct bridging of untrusted consumers into HTTP producers with header-driven URIs.

Potential Impact

An attacker with the ability to publish to the Iggy stream/topic can exploit this vulnerability to perform server-side request forgery (SSRF), redirecting server-side HTTP requests to attacker-chosen destinations, including internal services or cloud metadata endpoints. Additionally, the attacker can cause disclosure of sensitive information such as environment variables, application properties, and vault secrets by injecting placeholders in the URI that are resolved by the HTTP producer. This can lead to unauthorized access to sensitive internal data and potential further compromise of the affected system.

Mitigation Recommendations

A fix is available in Apache Camel versions 4.18.3 and 4.21.0, which add a dedicated IggyHeaderFilterStrategy to block externally supplied Camel* headers. Users are strongly recommended to upgrade to these fixed versions. For deployments that cannot upgrade immediately, mitigations include stripping Camel control headers (e.g., removeHeaders('Camel*') and removeHeaders('camel*')) at the start of the route, restricting who can publish to the consumed Iggy stream/topic, and avoiding bridging untrusted consumers directly into HTTP producers where the target URI is driven from message headers.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
apache
Date Reserved
2026-06-18T08:14:02.970Z
Cvss Version
null
State
PUBLISHED
Remediation Level
null

Threat ID: 6a4b6cb027e9c797192526a4

Added to database: 07/06/2026, 08:52:00 UTC

Last enriched: 07/06/2026, 09:06:50 UTC

Last updated: 07/06/2026, 11:09:50 UTC

Views: 7

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses