{"uuid": "a6884239-c297-427e-8f3f-1a57a10e461d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-49086", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwffn4twj2n", "content": "CVE-2026-49086: Apache Camel: Camel-Dapr: The Dapr Pub/Sub consumer copied the inbound CloudEvent's pub/sub-name and topic into producer-direction routing headers, allowing an actor who can publish to the subscribed topic to redirect the re-published message to an arbitrary Dapr Pub/Su", "creation_timestamp": "2026-07-05T20:17:06.632200Z"}