CVE-2026-40022 - Vulnerability Analysis
Severity: High
CVSS: 8.2
Last Updated: April 27, 2026
Apache Camel - Authentication Bypass
Published: April 27, 2026
Updated: April 27, 2026
Remote Exploitable
Overview
Apache Camel versions 4.14.1 up to but not including 4.14.6, and 4.18.0 up to but not including 4.18.2, contain an authentication bypass caused by improper authentication path matching in the embedded HTTP and management servers. The flaw lets unauthenticated attackers reach protected subpaths and disclose runtime metadata. Exploitation requires authentication to be enabled on a deployment that uses a non-root context path.
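As an added illustration of the CWE-288 path-matching failure class the advisory describes (a hypothetical matcher, not Apache Camel's own code; the protected prefixes and sample requests are constructed), the weak check below only recognises exact root-level paths, while the hardened one normalizes the request, strips the configured context path, and matches protected prefixes on segment boundaries:

```python
import posixpath
from urllib.parse import unquote

# Constructed, hypothetical protected management prefixes (not Camel's real endpoint names)
PROTECTED_PREFIXES = ("/q/info", "/q/health")


def weak_requires_auth(path: str) -> bool:
    """Weak matcher: exact match against protected paths assumed to live at the root.
    Subpaths and requests under a non-root context path are never recognised."""
    return path in PROTECTED_PREFIXES


def normalize(path: str) -> str:
    """Decode percent-encoding, collapse duplicate slashes, resolve '.' and '..' segments."""
    return posixpath.normpath("/" + unquote(path).lstrip("/"))


def strict_requires_auth(path: str, context_path: str = "/") -> bool:
    """Hardened matcher: normalize, strip the context path, then prefix-match on a
    segment boundary so every subpath beneath a protected prefix stays protected."""
    norm = normalize(path)
    ctx = normalize(context_path)
    if ctx != "/":
        if norm != ctx and not norm.startswith(ctx + "/"):
            return False  # request is outside the application's context path entirely
        norm = norm[len(ctx):] or "/"
    return any(norm == p or norm.startswith(p + "/") for p in PROTECTED_PREFIXES)


def bypass_candidates(requests, context_path: str):
    """Requests the weak matcher lets through that the strict matcher would gate.
    Intended as a regression check for an authentication filter."""
    return [r for r in requests
            if strict_requires_auth(r, context_path) and not weak_requires_auth(r)]


# Constructed sample request paths (not captured traffic)
SAMPLE_REQUESTS = [
    "/q/info",                   # exact root path: only meaningful with a root context path
    "/camel/q/info",             # protected path under a non-root context path
    "/camel/q/info/details",     # protected subpath
    "/camel//q/../q/health",     # duplicate slashes and '..' that normalize to a protected path
    "/camel/q/infos",            # similar-looking but unprotected
    "/camel/public/index.html",  # unprotected
]

if __name__ == "__main__":
    for req in bypass_candidates(SAMPLE_REQUESTS, "/camel"):
        print("weak matcher misses:", req)
```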
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Unauthenticated attackers can reach protected endpoints and disclose sensitive runtime metadata, resulting in information disclosure that may enable further attacks.
Mitigation
Upgrade to 4.20.0, or to 4.14.6 on the 4.14.x LTS line, or to 4.18.2 on the 4.18.x LTS line.
Details
- CVE ID: CVE-2026-40022
- Severity: High
- CVSS Score: 8.2
- Type: broken_authentication
- Status: unconfirmed
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N