PT-2026-35384 · Apache+1 · Apache Camel+2

Hyunwoo Kim

Published

2026-04-27

Updated

2026-04-28

CVE-2026-33454

CVSS v3.1

9.4

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CVE-2026-33454 The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filt… https://t.co/aFcj2mALO4

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2026-33454

GHSA-2VQF-X7G4-7C2G

Affected Products

Apache Camel

Camel

Org.Apache.Camel:Camel-Mail

PT-2026-35384 · Apache+1 · Apache Camel+2

CVE-2026-33454

Weakness Enumeration

Related Identifiers

Affected Products

References · 21