Home / Vulnerability Intelligence / CVE-2026-40453

CVE-2026-40453 - Vulnerability Analysis

CriticalCVSS: 9.9

Last Updated: April 28, 2026

Apache Camel - Remote Code Execution

Published: April 27, 2026Updated: April 28, 2026Remote Exploitable

Overview

Apache Camel 3.0.0 < 4.14.6, 4.15.0 < 4.18.2, 4.19.0 < 4.20.0 contains a remote code execution caused by case-sensitive header filtering in non-HTTP HeaderFilterStrategy implementations, letting attackers with JMS producer access execute code and write files remotely, exploit requires JMS producer access.

Severity & Score

Severity: Critical

CVSS Score: 9.9

EPSS Score: 17.2%(Probability of exploitation in next 30 days)

Impact

Attackers with JMS producer access can execute arbitrary code and write files remotely, leading to full system compromise.

Mitigation

Upgrade to versions 4.14.6, 4.18.2, or 4.20.0 depending on your release stream.

References

https://camel.apache.org/security/CVE-2026-40453.html

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Apr 27, 2026

🔴 CVE-2026-40453 - Critical (9.9) The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was no... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40453/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-40453
Severity: Critical
CVSS Score: 9.9
Type: remote_code_execution
Status: confirmed
EPSS: 17.2%
Social Posts: 1

CWE

CWE-178

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

17.2%Probability of exploitation in the next 30 days