Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.4 for Spring Boot release.
Red Hat build of Apache Camel 4.14.4 for Spring Boot patch release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Security Fix(es): * undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF (CVE-2025-12543) * vertx-core: static handler component cache can be manipulated to deny the access to static files (CVE-2026-1002) * mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects (CVE-2026-27727) * com.mchange/c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects (CVE-2026-27830)
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14.4 for Spring Boot release.
Description
Red Hat build of Apache Camel 4.14.4 for Spring Boot patch release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Security Fix(es): * undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF (CVE-2025-12543) * vertx-core: static handler component cache can be manipulated to deny the access to static files (CVE-2026-1002) * mchange-commons-java: mchange-commons-java: Arbitrary code execution via JNDI dereferencing of crafted objects (CVE-2026-27727) * com.mchange/c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects (CVE-2026-27830)
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:3890
- Cve Count
- 4
- Additional Cves
- ["CVE-2026-1002","CVE-2026-27727","CVE-2026-27830"]
- Cvss Version
- null
Threat ID: 6a160984e29bf47b50650c4a
Added to database: 5/26/2026, 8:58:44 PM
Last updated: 5/26/2026, 8:59:48 PM
Views: 1
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.