VDB
GHSA-27vm-5vpj-rp5g
GHSA-27vm-5vpj-rp5g
PUBLISHED
CVSS 8.199999809265137 HIGH
Apache Camel Vulnerable to Authentication Bypass Using an Alternate Path or Channel
Risk Scores
CVSS 3.1
8.199999809265137
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.apache.camel:camel-platform-http-main | 4.14.1, 4.19.0, 4.18.0 |
Timeline
- Apr 27, 2026 CVE Published
- May 5, 2026 CVE Updated
- May 6, 2026 Security Advisory
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-40022 advisory
- https://github.com/apache/camel/pull/22474 url
- https://github.com/apache/camel/pull/22475 url
- https://github.com/apache/camel/pull/22476 url
- https://github.com/apache/camel/commit/6ec12cbebfc1b6360cdaac1c1f8c681864911695 url
- https://github.com/apache/camel/commit/7b5b8c0283c0ab8d703d868ded7614018762a553 url
- https://github.com/apache/camel/commit/a9ebee94af976ac2afd7906d2e76673067d8be86 url
- https://camel.apache.org/security/CVE-2026-40022.html url
- https://github.com/apache/camel package
- http://www.openwall.com/lists/oss-security/2026/04/26/5 url