RHSA-2026:19835

Vulnerability from csaf_redhat - Published: 2026-05-20 20:47 - Updated: 2026-05-21 14:14
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP2)
Severity
Critical
Notes
Topic: An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP2). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update as having a security impact of Critical.
Details: An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP2). The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:
* neethi: Apache Neethi: Denial of Service via circular policy references [rhboac-camel-quarkus-3] (CVE-2026-42403)
* neethi: Apache Neethi: Information disclosure and network access bypass via PolicyReference API [rhboac-camel-quarkus-3] (CVE-2026-42404)
* neethi: Apache Neethi: Denial of Service via algorithmic complexity in policy normalization [rhboac-camel-quarkus-3] (CVE-2026-42402)
* camel-google-pubsub: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection [rhboac-camel-quarkus-3] (CVE-2026-40453)
* camel-jms: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection [rhboac-camel-quarkus-3] (CVE-2026-40453)
* camel-mail: Camel-Mail: Altered application behavior via header injection [rhboac-camel-quarkus-3] (CVE-2026-33454)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of other components within the Camel application. This could lead to unintended actions or data manipulation.

CWE-1173 - Improper Use of Validation Framework
Affected products
Product Identifier Version Remediation
Red Hat Build of Apache Camel 4.14 for Quarkus 3.27
Red Hat / Red Hat Build of Apache Camel
cpe:/a:redhat:apache_camel_quarkus:3.27
Vendor Fix fix
Threats
Impact Critical

A flaw was found in Apache Camel. A remote attacker with Java Message Service (JMS) producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows for the injection of malicious headers. Consequently, this could lead to remote code execution and arbitrary file write on affected Camel routes.

CWE-178 - Improper Handling of Case Sensitivity
Affected products
Product Identifier Version Remediation
Red Hat Build of Apache Camel 4.14 for Quarkus 3.27
Red Hat / Red Hat Build of Apache Camel
cpe:/a:redhat:apache_camel_quarkus:3.27
Vendor Fix fix
Workaround
Threats
Impact Critical

A flaw was found in Apache Neethi. A remote attacker can exploit this vulnerability by providing specially crafted WS-Policy documents. This triggers an algorithmic complexity issue during policy normalization, leading to an exponential expansion of policy alternatives. This unbounded memory allocation exhausts the Java Virtual Machine (JVM) heap, resulting in a Denial of Service (DoS) condition.

CWE-770 - Allocation of Resources Without Limits or Throttling
Affected products
Product Identifier Version Remediation
Red Hat Build of Apache Camel 4.14 for Quarkus 3.27
Red Hat / Red Hat Build of Apache Camel
cpe:/a:redhat:apache_camel_quarkus:3.27
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in Apache Neethi. An attacker can exploit this vulnerability by crafting malicious WS-Policy documents that contain circular policy references. This can cause the policy normalization process to enter an infinite loop or excessive recursion, leading to a stack overflow or application hang. Consequently, a remote attacker can trigger a Denial of Service (DoS) condition.

CWE-606 - Unchecked Input for Loop Condition
Affected products
Product Identifier Version Remediation
Red Hat Build of Apache Camel 4.14 for Quarkus 3.27
Red Hat / Red Hat Build of Apache Camel
cpe:/a:redhat:apache_camel_quarkus:3.27
Vendor Fix fix
Workaround
Threats
Impact Moderate

A flaw was found in Apache Neethi. When an application explicitly calls the PolicyReference API to retrieve a policy from a remote Uniform Resource Identifier (URI), Apache Neethi does not impose restrictions on the URI. This allows a remote attacker to cause the application to make outbound requests to arbitrary protocols and internal IP addresses. This could lead to information disclosure or enable further network-based attacks.

CWE-918 - Server-Side Request Forgery (SSRF)
Affected products
Product Identifier Version Remediation
Red Hat Build of Apache Camel 4.14 for Quarkus 3.27
Red Hat / Red Hat Build of Apache Camel
cpe:/a:redhat:apache_camel_quarkus:3.27
Vendor Fix fix
Workaround
Threats
Impact Moderate
References
URL Category
https://access.redhat.com/errata/RHSA-2026:19835 self
https://access.redhat.com/security/updates/classi… external
https://access.redhat.com/security/cve/CVE-2026-42403 external
https://access.redhat.com/security/cve/CVE-2026-42404 external
https://access.redhat.com/security/cve/CVE-2026-42402 external
https://access.redhat.com/security/cve/CVE-2026-40453 external
https://access.redhat.com/security/cve/CVE-2026-33454 external
https://bugzilla.redhat.com/show_bug.cgi?id=2463173 external
https://bugzilla.redhat.com/show_bug.cgi?id=2463181 external
https://bugzilla.redhat.com/show_bug.cgi?id=2464314 external
https://bugzilla.redhat.com/show_bug.cgi?id=2464315 external
https://bugzilla.redhat.com/show_bug.cgi?id=2464324 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-33454 self
https://bugzilla.redhat.com/show_bug.cgi?id=2463181 external
https://www.cve.org/CVERecord?id=CVE-2026-33454 external
https://nvd.nist.gov/vuln/detail/CVE-2026-33454 external
https://camel.apache.org/security/CVE-2026-33454.html external
https://access.redhat.com/security/cve/CVE-2026-40453 self
https://bugzilla.redhat.com/show_bug.cgi?id=2463173 external
https://www.cve.org/CVERecord?id=CVE-2026-40453 external
https://nvd.nist.gov/vuln/detail/CVE-2026-40453 external
https://camel.apache.org/security/CVE-2026-40453.html external
https://access.redhat.com/security/cve/CVE-2026-42402 self
https://bugzilla.redhat.com/show_bug.cgi?id=2464315 external
https://www.cve.org/CVERecord?id=CVE-2026-42402 external
https://nvd.nist.gov/vuln/detail/CVE-2026-42402 external
https://lists.apache.org/thread/p826j0phhmr9f83wz… external
https://access.redhat.com/security/cve/CVE-2026-42403 self
https://bugzilla.redhat.com/show_bug.cgi?id=2464314 external
https://www.cve.org/CVERecord?id=CVE-2026-42403 external
https://nvd.nist.gov/vuln/detail/CVE-2026-42403 external
https://lists.apache.org/thread/zm6t8skkkskjwk188… external
https://access.redhat.com/security/cve/CVE-2026-42404 self
https://bugzilla.redhat.com/show_bug.cgi?id=2464324 external
https://www.cve.org/CVERecord?id=CVE-2026-42404 external
https://nvd.nist.gov/vuln/detail/CVE-2026-42404 external
https://lists.apache.org/thread/zdspnt64zznyjyn64… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP2).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\nRed Hat Product Security has rated this update as having a security impact of Critical.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP2).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n*  neethi: Apache Neethi: Denial of Service via circular policy references [rhboac-camel-quarkus-3] (CVE-2026-42403)\n*  neethi: Apache Neethi: Information disclosure and network access bypass via PolicyReference API [rhboac-camel-quarkus-3] (CVE-2026-42404)\n*  neethi: Apache Neethi: Denial of Service via algorithmic complexity in policy normalization [rhboac-camel-quarkus-3] (CVE-2026-42402)\n*  camel-google-pubsub: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection [rhboac-camel-quarkus-3] (CVE-2026-40453)\n*  camel-jms: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection [rhboac-camel-quarkus-3] (CVE-2026-40453)\n*  camel-mail: Camel-Mail: Altered application behavior via header injection [rhboac-camel-quarkus-3] (CVE-2026-33454)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:19835",
        "url": "https://access.redhat.com/errata/RHSA-2026:19835"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42403",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42403"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42404",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42404"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42402",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42402"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-40453",
        "url": "https://access.redhat.com/security/cve/CVE-2026-40453"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-33454",
        "url": "https://access.redhat.com/security/cve/CVE-2026-33454"
      },
      {
        "category": "external",
        "summary": "2463173",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463173"
      },
      {
        "category": "external",
        "summary": "2463181",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463181"
      },
      {
        "category": "external",
        "summary": "2464314",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464314"
      },
      {
        "category": "external",
        "summary": "2464315",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464315"
      },
      {
        "category": "external",
        "summary": "2464324",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464324"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19835.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP2)",
    "tracking": {
      "current_release_date": "2026-05-21T14:14:50+00:00",
      "generator": {
        "date": "2026-05-21T14:14:50+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2026:19835",
      "initial_release_date": "2026-05-20T20:47:38+00:00",
      "revision_history": [
        {
          "date": "2026-05-20T20:47:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-20T20:47:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-21T14:14:50+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27",
                "product": {
                  "name": "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27",
                  "product_id": "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:apache_camel_quarkus:3.27"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Build of Apache Camel"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33454",
      "cwe": {
        "id": "CWE-1173",
        "name": "Improper Use of Validation Framework"
      },
      "discovery_date": "2026-04-27T10:01:41.829738+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2463181"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of other components within the Camel application. This could lead to unintended actions or data manipulation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33454"
        },
        {
          "category": "external",
          "summary": "RHBZ#2463181",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463181"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33454",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33454"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33454",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33454"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security/CVE-2026-33454.html",
          "url": "https://camel.apache.org/security/CVE-2026-33454.html"
        }
      ],
      "release_date": "2026-04-27T09:42:39.799000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-20T20:47:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19835"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection"
    },
    {
      "cve": "CVE-2026-40453",
      "cwe": {
        "id": "CWE-178",
        "name": "Improper Handling of Case Sensitivity"
      },
      "discovery_date": "2026-04-27T10:01:14.347755+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2463173"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Camel. A remote attacker with Java Message Service (JMS) producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows for the injection of malicious headers. Consequently, this could lead to remote code execution and arbitrary file write on affected Camel routes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Critical flaw in Apache Camel allows remote code execution and arbitrary file write. An attacker with Java Message Service (JMS) producer access can exploit a discrepancy in header processing, where case-variant internal headers are filtered case-sensitively but processed case-insensitively. This enables the injection of malicious headers into Camel routes that forward JMS messages to header-driven components, posing a significant risk to affected Red Hat products.\n\nThe Critical severity is tied to the low complexity and low privileges required to exploit this vulnerability. This flaw also differs from CVE-2025-27636 in that an attacker may leverage it to execute code beyond the methods already in the classpath, meaning the impact on Integrity, Availability and Confidentiality is higher for this CVE, and the impact scope may extend beyond the Apache Camel component to the whole server hosting it.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-40453"
        },
        {
          "category": "external",
          "summary": "RHBZ#2463173",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463173"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-40453",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-40453"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40453",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40453"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security/CVE-2026-40453.html",
          "url": "https://camel.apache.org/security/CVE-2026-40453.html"
        }
      ],
      "release_date": "2026-04-27T08:23:20.354000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-20T20:47:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19835"
        },
        {
          "category": "workaround",
          "details": "This flaw may be mitigated by temporarily disabling routes that allow arbitrary writes and executions (camel-exec and camel-file).",
          "product_ids": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection"
    },
    {
      "cve": "CVE-2026-42402",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-05-01T10:00:56.575744+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464315"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Neethi. A remote attacker can exploit this vulnerability by providing specially crafted WS-Policy documents. This triggers an algorithmic complexity issue during policy normalization, leading to an exponential expansion of policy alternatives. This unbounded memory allocation exhausts the Java Virtual Machine (JVM) heap, resulting in a Denial of Service (DoS) condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.neethi: Apache Neethi: Denial of Service via algorithmic complexity in policy normalization",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is rated Moderate because Apache Neethi, as used in Red Hat products, is susceptible to a denial of service. Remote attackers can provide malicious WS-Policy documents, leading to an algorithmic complexity issue during policy normalization. This results in unbounded memory allocation, exhausting the JVM heap and causing service unavailability. In order to exploit this vulnerability, the attacker must have enough privileges in the targeted system to include the maliciously crafted policy document, or must trick the user into consuming it.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42402"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464315",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464315"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42402",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42402"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42402",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42402"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/p826j0phhmr9f83wzpmys1y0bdfrr2q4",
          "url": "https://lists.apache.org/thread/p826j0phhmr9f83wzpmys1y0bdfrr2q4"
        }
      ],
      "release_date": "2026-05-01T08:54:41.427000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-20T20:47:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19835"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.apache.neethi: Apache Neethi: Denial of Service via algorithmic complexity in policy normalization"
    },
    {
      "cve": "CVE-2026-42403",
      "cwe": {
        "id": "CWE-606",
        "name": "Unchecked Input for Loop Condition"
      },
      "discovery_date": "2026-05-01T10:00:53.457010+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464314"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Neethi. An attacker can exploit this vulnerability by crafting malicious WS-Policy documents that contain circular policy references. This can cause the policy normalization process to enter an infinite loop or excessive recursion, leading to a stack overflow or application hang. Consequently, a remote attacker can trigger a Denial of Service (DoS) condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.apache.neethi: Apache Neethi: Denial of Service via circular policy references",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Moderate flaw in Apache Neethi allows a remote attacker to trigger a Denial of Service condition. By crafting malicious WS-Policy documents with circular references, an attacker can cause the policy normalization process to enter an infinite loop or excessive recursion, leading to application instability or a hang. This can disrupt services relying on Apache Neethi for policy processing. In order to exploit this vulnerability, the attacker must have enough privileges in the targeted system to include the maliciously crafted policy document, or must trick the user into consuming it.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42403"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464314",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464314"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42403",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42403"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42403",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42403"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/zm6t8skkkskjwk1881l4m4n0l7dqclzo",
          "url": "https://lists.apache.org/thread/zm6t8skkkskjwk1881l4m4n0l7dqclzo"
        }
      ],
      "release_date": "2026-05-01T08:38:16.035000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-20T20:47:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19835"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "org.apache.neethi: Apache Neethi: Denial of Service via circular policy references"
    },
    {
      "cve": "CVE-2026-42404",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2026-05-01T11:01:06.738996+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464324"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Apache Neethi. When an application explicitly calls the PolicyReference API to retrieve a policy from a remote Uniform Resource Identifier (URI), Apache Neethi does not impose restrictions on the URI. This allows a remote attacker to cause the application to make outbound requests to arbitrary protocols and internal IP addresses. This could lead to information disclosure or enable further network-based attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache Neethi: Apache Neethi: Information disclosure and network access bypass via PolicyReference API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42404"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464324",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464324"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42404",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42404"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42404",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42404"
        },
        {
          "category": "external",
          "summary": "https://lists.apache.org/thread/zdspnt64zznyjyn648553kptx69w23oq",
          "url": "https://lists.apache.org/thread/zdspnt64zznyjyn648553kptx69w23oq"
        }
      ],
      "release_date": "2026-05-01T09:46:49.958000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-20T20:47:38+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19835"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, restrict outbound network access for applications that utilize Apache Neethi\u0027s PolicyReference API, especially if they process untrusted input that could influence the URI used for fetching remote policies. Implement firewall rules or network policies to limit the protocols and IP addresses to which the application can connect. This may impact application functionality if legitimate remote policy fetching is required.",
          "product_ids": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Build of Apache Camel 4.14 for Quarkus 3.27"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Apache Neethi: Apache Neethi: Information disclosure and network access bypass via PolicyReference API"
    }
  ]
}
