PT-2026-55905 · Apache · Apache Camel

Andrea Cosentino

+1

·

Published

2026-07-06

·

Updated

2026-07-06

·

CVE-2026-49098

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9
Description An injection issue exists in the Apache Camel Kafka component due to improper input validation and incorrect neutralization of special elements. The camel-kafka producer allows the configured target topic to be overridden at runtime via the kafka.OVERRIDE TOPIC Exchange header because the KafkaProducer.evaluateTopic() function prioritizes the header value over the endpoint configuration. While the KafkaHeaderFilterStrategy filters the kafka.* namespace during Kafka-to-Exchange serialization, it does not apply to headers arriving from upstream consumers in multi-component routes. For instance, an HTTP consumer using HttpHeaderFilterStrategy only blocks the Camel or camel namespace, allowing kafka.* headers to pass through. Consequently, an unauthenticated HTTP client could use the kafka.OVERRIDE TOPIC header to redirect messages to arbitrary internal topics or inject crafted messages into critical downstream services. Similarly, the kafka.OVERRIDE TIMESTAMP and kafka.PARTITION KEY variables can be injected to backdate messages or target specific partitions.
Recommendations Update Apache Camel versions 4.0.0 through 4.14.7 to version 4.14.8. Update Apache Camel versions 4.15.0 through 4.18.2 to version 4.18.3. Update Apache Camel versions 4.19.0 through 4.20.9 to version 4.21.0. After updating, replace raw kafka.* header names with CamelKafka* names, such as CamelKafkaOverrideTopic and CamelKafkaTopic. As a temporary mitigation, remove kafka.* headers from untrusted ingress using removeHeaders('kafka.*') at the start of the route and ensure the target topic is set from a trusted source.

Special Elements Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-49098

Affected Products

Apache Camel