PT-2026-42459 · Apache · Apache Camel
B0B0Haha +1 · Published 2026-05-21 · Updated 2026-05-23 · CVE-2026-45760
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Apache Camel K versions 2.0.0 through 2.8.0
Apache Camel K versions 2.9.0 through 2.9.1
Apache Camel K version 2.10.0
Description
Authorized users in a Kubernetes namespace can create a Build resource to control Pod generation in a namespace of their choice, including the operator namespace. This cross-namespace flaw allows users to hijack pods in secure namespaces. It combines an externally controlled reference to a resource in another sphere with an authorization bypass through a user-controlled key.
Recommendations
Update versions 2.0.0 through 2.8.0 to 2.8.1.
Update versions 2.9.0 through 2.9.1 to 2.9.2.
Update version 2.10.0 to 2.10.1.
Fix
IDOR
Affected Products
Apache Camel