<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Wed, 08 Jul 2026 20:56:57 +0000</lastBuildDate>
    <item>
      <title>37b24005-93e4-4784-b009-b5dbfa00dd7a</title>
      <link>https://vulnerability.circl.lu/sighting/37b24005-93e4-4784-b009-b5dbfa00dd7a/export</link>
      <description>{"uuid": "37b24005-93e4-4784-b009-b5dbfa00dd7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq2olleolc2s", "content": "CVE-2026-53913 - apache camel keycloak\nIn the default configuration of Apache Camel Keycloak, access tokens are not verified, allowing any non-null value in the Authorization: Bearer header to pass. This\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-07T13:12:04.326285Z"}</description>
      <content:encoded>{"uuid": "37b24005-93e4-4784-b009-b5dbfa00dd7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq2olleolc2s", "content": "CVE-2026-53913 - apache camel keycloak\nIn the default configuration of Apache Camel Keycloak, access tokens are not verified, allowing any non-null value in the Authorization: Bearer header to pass. This\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-07T13:12:04.326285Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/37b24005-93e4-4784-b009-b5dbfa00dd7a/export</guid>
      <pubDate>Tue, 07 Jul 2026 13:12:04 +0000</pubDate>
    </item>
    <item>
      <title>d5d68964-bd47-4f9c-a07c-be144341d3d0</title>
      <link>https://vulnerability.circl.lu/sighting/d5d68964-bd47-4f9c-a07c-be144341d3d0/export</link>
      <description>{"uuid": "d5d68964-bd47-4f9c-a07c-be144341d3d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy2hxlw5o2w", "content": "CVE-2026-53913 - Apache Camel Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration the token is never verified and any non-null bearer value is accepted\nCVE ID : CVE-2026-53913\n \n Publishe...", "creation_timestamp": "2026-07-06T12:06:48.802068Z"}</description>
      <content:encoded>{"uuid": "d5d68964-bd47-4f9c-a07c-be144341d3d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy2hxlw5o2w", "content": "CVE-2026-53913 - Apache Camel Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration the token is never verified and any non-null bearer value is accepted\nCVE ID : CVE-2026-53913\n \n Publishe...", "creation_timestamp": "2026-07-06T12:06:48.802068Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d5d68964-bd47-4f9c-a07c-be144341d3d0/export</guid>
      <pubDate>Mon, 06 Jul 2026 12:06:48 +0000</pubDate>
    </item>
    <item>
      <title>44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a</title>
      <link>https://vulnerability.circl.lu/sighting/44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a/export</link>
      <description>{"uuid": "44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53913", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpy24owhaq2i", "content": "CRITICAL: Apache Camel Keycloak improper authentication (CVE-2026-53913) lets attackers bypass auth &amp;amp; gain access in default configs. Upgrade to 4.21.0/4.18.3 or fix policy settings. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #Apach...", "creation_timestamp": "2026-07-06T12:00:30.754195Z"}</description>
      <content:encoded>{"uuid": "44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53913", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpy24owhaq2i", "content": "CRITICAL: Apache Camel Keycloak improper authentication (CVE-2026-53913) lets attackers bypass auth &amp;amp; gain access in default configs. Upgrade to 4.21.0/4.18.3 or fix policy settings. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #Apach...", "creation_timestamp": "2026-07-06T12:00:30.754195Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/44dff39e-02bc-4bd9-b7f9-f3a54ad6d31a/export</guid>
      <pubDate>Mon, 06 Jul 2026 12:00:30 +0000</pubDate>
    </item>
    <item>
      <title>774d8fb4-e59f-4e9b-83e0-e612d7c455b6</title>
      <link>https://vulnerability.circl.lu/sighting/774d8fb4-e59f-4e9b-83e0-e612d7c455b6/export</link>
      <description>{"uuid": "774d8fb4-e59f-4e9b-83e0-e612d7c455b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53913", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116872919680337020", "content": "CVE-2026-53913 | CRITICAL | Apache Camel Keycloak: Default KeycloakSecurityPolicy skips token verification, enabling unauthenticated access and possible RCE on 4.15.0 \u2013 4.18.2 &amp;amp; 4.19.0 \u2013 4.20.x. Upgrade to 4.21.0/4.18.3. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #ApacheCamel #CVE202653913", "creation_timestamp": "2026-07-06T12:00:29.420516Z"}</description>
      <content:encoded>{"uuid": "774d8fb4-e59f-4e9b-83e0-e612d7c455b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-53913", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116872919680337020", "content": "CVE-2026-53913 | CRITICAL | Apache Camel Keycloak: Default KeycloakSecurityPolicy skips token verification, enabling unauthenticated access and possible RCE on 4.15.0 \u2013 4.18.2 &amp;amp; 4.19.0 \u2013 4.20.x. Upgrade to 4.21.0/4.18.3. https://radar.offseq.com/threat/cve-2026-53913-cwe-287-improper-authentication-in--29482412e19e3f00 #OffSeq #ApacheCamel #CVE202653913", "creation_timestamp": "2026-07-06T12:00:29.420516Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/774d8fb4-e59f-4e9b-83e0-e612d7c455b6/export</guid>
      <pubDate>Mon, 06 Jul 2026 12:00:29 +0000</pubDate>
    </item>
    <item>
      <title>f569d979-7748-4816-a0c7-bffbfadab314</title>
      <link>https://vulnerability.circl.lu/sighting/f569d979-7748-4816-a0c7-bffbfadab314/export</link>
      <description>{"uuid": "f569d979-7748-4816-a0c7-bffbfadab314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwhr67bwy2o", "content": "CVE-2026-53913: Apache Camel: Camel-Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration (no required roles or permissions) the token is never verified and any non-null bearer value is accepted - a", "creation_timestamp": "2026-07-05T20:59:16.938386Z"}</description>
      <content:encoded>{"uuid": "f569d979-7748-4816-a0c7-bffbfadab314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-53913", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwhr67bwy2o", "content": "CVE-2026-53913: Apache Camel: Camel-Keycloak: KeycloakSecurityPolicy verifies the bearer access token only inside its role and permission checks, so in the default configuration (no required roles or permissions) the token is never verified and any non-null bearer value is accepted - a", "creation_timestamp": "2026-07-05T20:59:16.938386Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f569d979-7748-4816-a0c7-bffbfadab314/export</guid>
      <pubDate>Sun, 05 Jul 2026 20:59:16 +0000</pubDate>
    </item>
  </channel>
</rss>
