Improper Input Validation in Apache Camel AWS2-SQS Component
CVE-2026-46456

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-46456?

An improper input validation vulnerability in the Apache Camel AWS2-SQS Component allows unauthorized manipulation of Camel control headers through unfiltered inbound message attributes. This flaw may permit an attacker to influence the behavior of downstream routes by injecting arbitrary headers into Camel messages. By enabling the injection of headers such as CamelHttpUri or CamelFileName, the vulnerability exposes systems to potential hijacking of message flows. It is crucial for users to upgrade to patched versions to mitigate this risk or impose strict header management as an immediate workaround.

Affected Version(s)

Apache Camel 4.0.0 < 4.14.8

Apache Camel 4.15.0 < 4.18.3

Apache Camel 4.19.0 < 4.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao from Paypal
.