{"url":"http://public2.vulnerablecode.io/api/packages/1029223?format=json","purl":"pkg:maven/org.apache.camel/camel-coap@4.14.1","type":"maven","namespace":"org.apache.camel","name":"camel-coap","version":"4.14.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.14.6","latest_non_vulnerable_version":"4.20.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78000?format=json","vulnerability_id":"VCID-bq6x-r1dc-tkhd","summary":"Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component.\n\nApache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code execution when routes forward CoAP requests to header-sensitive producers (e.g. camel-exec)\n\nThe camel-coap component maps incoming CoAP request URI query parameters directly into Camel Exchange In message headers without applying any HeaderFilterStrategy.    \nSpecifically, CamelCoapResource.handleRequest() iterates over OptionSet.getUriQuery() and calls camelExchange.getIn().setHeader(...) for every query parameter. CoAPEndpoint extends DefaultEndpoint rather than DefaultHeaderFilterStrategyEndpoint, and CoAPComponent does not implement HeaderFilterStrategyComponent; the component contains no references to HeaderFilterStrategy at all.\n\nAs a result, an unauthenticated attacker who can send a single CoAP UDP packet to a Camel route consuming from coap:// can inject arbitrary Camel internal headers (those prefixed with Camel*) into the Exchange. When the route delivers the message to a header-sensitive producer such as camel-exec, camel-sql, camel-bean, camel-file, or template components (camel-freemarker, camel-velocity), the injected headers can alter the producer's behavior. In the case of camel-exec, the CamelExecCommandExecutable and CamelExecCommandArgs headers override the executable and arguments configured on the endpoint, resulting in arbitrary OS command execution under the privileges of the Camel process.\n\nThe producer's output is written back to the Exchange body and returned in the CoAP response payload by CamelCoapResource, giving the attacker an interactive RCE channel without any need for out-of-band exfiltration.\n                                                                                                                                                                         \nExploitation prerequisites are minimal: a single unauthenticated UDP datagram to the CoAP port (default 5683). CoAP (RFC 7252) has no built-in authentication, and DTLS is optional and disabled by default. Because the protocol is UDP-based, HTTP-layer WAF/IDS controls do not apply.\nThis issue affects Apache Camel: from 4.14.0 through 4.14.5, from 4.18.0 before 4.18.1, 4.19.0.\n\nUsers are recommended to upgrade to version 4.18.1 or 4.19.0, fixing the issue.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33453.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33453.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33453","reference_id":"","reference_type":"","scores":[{"value":"0.07438","scoring_system":"epss","scoring_elements":"0.91941","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33453"},{"reference_url":"https://github.com/apache/camel/blob/main/components/camel-coap","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/blob/main/components/camel-coap"},{"reference_url":"https://github.com/apache/camel/commit/05cffa5ec05ff2ec3c50a77825625da6e426e7a8","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/05cffa5ec05ff2ec3c50a77825625da6e426e7a8"},{"reference_url":"https://github.com/apache/camel/commit/3926ab2b7745e36da2cd8e0dc019018bc415aff9","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/3926ab2b7745e36da2cd8e0dc019018bc415aff9"},{"reference_url":"https://github.com/apache/camel/commit/e074c01a719cccf3b1c2efbd2ff31e60fd6220ce","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/e074c01a719cccf3b1c2efbd2ff31e60fd6220ce"},{"reference_url":"https://github.com/apache/camel/pull/22146","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/pull/22146"},{"reference_url":"https://github.com/apache/camel/pull/22147","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/pull/22147"},{"reference_url":"https://github.com/apache/camel/pull/22148","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/pull/22148"},{"reference_url":"https://issues.apache.org/jira/browse/CAMEL-23222","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/CAMEL-23222"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33453","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33453"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/26/3","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/26/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463184","reference_id":"2463184","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463184"},{"reference_url":"https://camel.apache.org/security/CVE-2026-33453.html","reference_id":"CVE-2026-33453.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"10.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-27T14:48:15Z/"}],"url":"https://camel.apache.org/security/CVE-2026-33453.html"},{"reference_url":"https://github.com/advisories/GHSA-695c-x5gc-94gj","reference_id":"GHSA-695c-x5gc-94gj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-695c-x5gc-94gj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17668","reference_id":"RHSA-2026:17668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17668"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373919?format=json","purl":"pkg:maven/org.apache.camel/camel-coap@4.14.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-coap@4.14.6"},{"url":"http://public2.vulnerablecode.io/api/packages/374134?format=json","purl":"pkg:maven/org.apache.camel/camel-coap@4.18.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-caae-x7p7-53cs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-coap@4.18.1"}],"aliases":["CVE-2026-33453","GHSA-695c-x5gc-94gj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bq6x-r1dc-tkhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83884?format=json","vulnerability_id":"VCID-caae-x7p7-53cs","summary":"The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy implementations: JmsHeaderFilterStrategy and ClassicJmsHeaderFilterStrategy in camel-jms, SjmsHeaderFilterStrategy in camel-sjms, CoAPHeaderFilterStrategy in camel-coap, and GooglePubsubHeaderFilterStrategy in camel-google-pubsub. Because those strategies use case-sensitive String.startsWith('Camel'/'camel') filtering while the Camel Exchange stores headers in a case-insensitive map, an attacker with JMS (or equivalent) producer access to the broker consumed by a Camel route can inject case-variant Camel internal headers, which are then resolved by downstream components such as camel-exec and camel-file using their canonical casing. This enables remote code execution and arbitrary file write on routes that forward JMS messages to header-driven components.\n\nThis issue affects Apache Camel: from 3.0.0 before 4.14.6, from 4.15.0 before 4.18.2, from 4.19.0 before 4.20.0.\n\nUsers are recommended to upgrade to version 4.20.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.6. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.2.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40453.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40453.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40453","reference_id":"","reference_type":"","scores":[{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45736","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40453"},{"reference_url":"https://github.com/apache/camel","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel"},{"reference_url":"https://github.com/apache/camel/commit/1e331daa4eea0a3f01d951e74cda8faee79495a2","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/1e331daa4eea0a3f01d951e74cda8faee79495a2"},{"reference_url":"https://github.com/apache/camel/commit/301bb7401cd480895b94a28a8ad6cf04952d8125","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/301bb7401cd480895b94a28a8ad6cf04952d8125"},{"reference_url":"https://github.com/apache/camel/commit/3d2efeed2f6ea757f0254a1d1cdeb9a4f28ca147","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/commit/3d2efeed2f6ea757f0254a1d1cdeb9a4f28ca147"},{"reference_url":"https://github.com/apache/camel/pull/22569","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/pull/22569"},{"reference_url":"https://github.com/apache/camel/pull/22575","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/pull/22575"},{"reference_url":"https://github.com/apache/camel/pull/22576","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/camel/pull/22576"},{"reference_url":"https://issues.apache.org/jira/browse/CAMEL-23313","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/CAMEL-23313"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40453","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40453"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463173","reference_id":"2463173","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463173"},{"reference_url":"https://camel.apache.org/security/CVE-2026-40453.html","reference_id":"CVE-2026-40453.html","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-27T15:18:38Z/"}],"url":"https://camel.apache.org/security/CVE-2026-40453.html"},{"reference_url":"https://github.com/advisories/GHSA-jg2m-9x48-3gvj","reference_id":"GHSA-jg2m-9x48-3gvj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jg2m-9x48-3gvj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17668","reference_id":"RHSA-2026:17668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19835","reference_id":"RHSA-2026:19835","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373919?format=json","purl":"pkg:maven/org.apache.camel/camel-coap@4.14.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-coap@4.14.6"},{"url":"http://public2.vulnerablecode.io/api/packages/373920?format=json","purl":"pkg:maven/org.apache.camel/camel-coap@4.18.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-coap@4.18.2"},{"url":"http://public2.vulnerablecode.io/api/packages/373921?format=json","purl":"pkg:maven/org.apache.camel/camel-coap@4.20.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-coap@4.20.0"}],"aliases":["CVE-2026-40453","GHSA-jg2m-9x48-3gvj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-caae-x7p7-53cs"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.camel/camel-coap@4.14.1"}