CVE-2026-33454 - Vulnerability Analysis
Critical | CVSS: 9.4 | Last Updated: April 28, 2026
Apache Camel - Injection
Overview
Apache Camel from 3.0.0 before 4.14.6 and from 4.15.0 before 4.18.1 contains a message header injection vulnerability caused by incomplete inbound header filtering in MailHeaderFilterStrategy. An attacker who injects malicious Camel headers can alter route behavior. Exploitation requires the attacker to deliver an email to a monitored mailbox.
Severity & Score
Impact
Attackers can alter route behavior by injecting malicious headers, potentially disrupting or manipulating application workflows.
Mitigation
Upgrade to version 4.19.0, or 4.18.1 for 4.18.x LTS, or 4.14.6 for 4.14.x LTS.
Social Media Activity (1 post)
🔴 New security advisory: CVE-2026-33454 affects multiple systems. • Impact: Remote code execution or complete system compromise possible • Risk: Attackers can gain full control of affected systems • Mitigation: Patch immediately or isolate affected systems Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-33454-apache-camel-header-injection-via-email #InfoSec #VulnerabilityManagement #CyberSec
Details
- CVE ID: CVE-2026-33454
- Severity: Critical
- CVSS Score: 9.4
- Type: insecure_deserialization
- Status: confirmed
- EPSS: 16.4%
- Social Posts: 1
CWE
- CWE-502
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L