LeakyCreds

CVE-2026-33453 - Vulnerability Analysis

Critical | CVSS: 10.0

Last Updated: April 28, 2026

Apache Camel camel-coap - Remote Code Execution

Published: April 27, 2026 | Updated: April 28, 2026 | PoC Available | Remote Exploitable

Overview

The Apache Camel camel-coap component, versions 4.14.0-4.14.5, 4.18.0 before 4.18.1, and 4.19.0, contains a remote code execution vulnerability caused by improper header filtering of CoAP URI query parameters. Unauthenticated attackers can inject Camel message headers and execute arbitrary OS commands via header-sensitive producers. Exploitation requires sending a single CoAP UDP packet.

Severity & Score

Severity: Critical
CVSS Score: 10.0
EPSS Score: 38.7% (probability of exploitation in the next 30 days)

Impact

Unauthenticated attackers can execute arbitrary OS commands remotely, leading to full system compromise under Camel process privileges.

Mitigation

Upgrade to Apache Camel version 4.18.1 or 4.19.0 or later.

Social Media Activity (1 post)

TheHackerWire (@thehackerwire), Apr 27, 2026

CVE-2026-33453 - Critical (10) Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message header injection, leading to remote code executi... https://www.thehackerwire.com/vulnerability/CVE-2026-33453/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

GitHub Repositories (1 repo)

Details

CVE ID: CVE-2026-33453
Severity: Critical
CVSS Score: 10.0
Type: broken_authentication
Status: confirmed
EPSS: 38.7%
Social Posts: 1

CWE

  • CWE-915

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

38.7% (probability of exploitation in the next 30 days)