CVE-2026-33453 - Vulnerability Analysis
Critical
CVSS: 10.0
Last Updated: April 27, 2026
Apache Camel camel-coap - Remote Code Execution
Published: April 27, 2026
Updated: April 27, 2026
Remote Exploitable
Overview
The Apache Camel camel-coap component, versions 4.14.0-4.14.5, 4.18.0 before 4.18.1, and 4.19.0, contains a remote code execution vulnerability caused by improper header filtering of CoAP URI query parameters. Unauthenticated attackers can inject headers and execute arbitrary OS commands via header-sensitive producers. Exploitation requires sending a single CoAP UDP packet.
Severity & Score
Severity: Critical
CVSS Score: 10.0
Impact
Unauthenticated attackers can execute arbitrary OS commands remotely, leading to full system compromise under Camel process privileges.
Mitigation
Upgrade to Apache Camel version 4.18.1 or 4.19.0 or later.
Details
- CVE ID: CVE-2026-33453
- Severity: Critical
- CVSS Score: 10.0
- Type: broken_authentication
- Status: unconfirmed
CWE
- CWE-915
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H