CVE-2026-40453 - Vulnerability Analysis
CriticalCVSS: 9.9Last Updated: April 27, 2026
Apache Camel - Remote Code Execution
Published: April 27, 2026Updated: April 27, 2026Remote Exploitable
Overview
Apache Camel 3.0.0 < 4.14.6, 4.15.0 < 4.18.2, 4.19.0 < 4.20.0 contains a remote code execution caused by case-sensitive header filtering in non-HTTP HeaderFilterStrategy implementations, letting attackers with JMS producer access execute code and write files remotely, exploit requires JMS producer access.
Severity & Score
Severity: Critical
CVSS Score: 9.9
Impact
Attackers with JMS producer access can execute arbitrary code and write files remotely, leading to full system compromise.
Mitigation
Upgrade to versions 4.14.6, 4.18.2, or 4.20.0 depending on your release stream.
Related Resources
Details
- CVE ID
- CVE-2026-40453
- Severity
- Critical
- CVSS Score
- 9.9
- Type
- remote_code_execution
- Status
- unconfirmed
CWE
- CWE-178
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H