PT-2026-55906 · Apache+1 · Apache Camel+1
Andrea Cosentino
+1
·
Published
2026-07-06
·
Updated
2026-07-06
·
CVE-2026-49099
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Apache Camel versions 4.0.0 through 4.14.7
Apache Camel versions 4.15.0 through 4.18.2
Apache Camel versions 4.19.0 through 4.20.9
Description
An injection and authorization bypass issue exists in the Apache Camel Salesforce component. The
camel-salesforce producer resolves operation parameters—including SOQL queries, SOSL searches, target SObject names and IDs, Apex REST URLs, methods, and query parameters—from Exchange message headers, prioritizing these over endpoint configurations via the getParameter() function. Because the control-header constants in SalesforceEndpointConfig (such as sObjectQuery, sObjectSearch, sObjectName, sObjectId, apexUrl, and apexMethod) lacked the Camel prefix, they were not blocked by the HttpHeaderFilterStrategy at the HTTP boundary. In routes bridging an HTTP consumer to a Salesforce producer, an unauthenticated HTTP client can inject these headers to override intended operations. This allows attackers to execute unauthorized SOQL queries, SOSL searches, CRUD operations, or redirect Apex REST calls using the broad permissions of the connected Salesforce integration user.Recommendations
Upgrade Apache Camel versions 4.0.0 through 4.14.7 to version 4.14.8.
Upgrade Apache Camel versions 4.15.0 through 4.18.2 to version 4.18.3.
Upgrade Apache Camel versions 4.19.0 through 4.20.9 to version 4.21.0.
After upgrading, update routes that set Salesforce operation parameters via raw header names to use
CamelSalesforce* names (e.g., CamelSalesforceSObjectQuery and CamelSalesforceApexUrl) instead of sObject* or apex* values.
As a temporary mitigation, strip Salesforce control headers from untrusted ingress before the Salesforce producer by using removeHeaders('sObject*') and removeHeaders('apex*') at the start of the route, and ensure parameters are set from a trusted source.IDOR
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Camel
Salesforce