{"vulnerability": "CVE-2026-46454", "sightings": [{"uuid": "520a5c16-101f-4cd9-96d5-c2b06d0ecfda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46454", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mpwd6qnra62b", "content": "CVE-2026-46454: Apache Camel: Camel-Cometd: Inbound Bayeux message headers are mapped into the Exchange without a HeaderFilterStrategy, allowing unauthenticated clients to inject Camel control headers", "creation_timestamp": "2026-07-05T19:37:23.534111Z"}, {"uuid": "539db8f8-2dd3-4d46-9b47-b383a3469ee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-46454", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpypo5e3fk2s", "content": "CVE-2026-46454 - apache camel\nApache Camel's CometD component doesn't check incoming messages for security. This allows unauthenticated clients to inject custom headers that can affect how the\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#apachecamel #apachefoundation #CVE #infosec", "creation_timestamp": "2026-07-06T18:26:04.940886Z"}]}