Improper Input Validation in Apache Camel AWS2-SQS Component
CVE-2026-46456
Currently unrated
What is CVE-2026-46456?
An improper input validation vulnerability in the Apache Camel AWS2-SQS Component allows unauthorized manipulation of Camel control headers through unfiltered inbound message attributes. This flaw may permit an attacker to influence the behavior of downstream routes by injecting arbitrary headers into Camel messages. By enabling the injection of headers such as CamelHttpUri or CamelFileName, the vulnerability exposes systems to potential hijacking of message flows. It is crucial for users to upgrade to patched versions to mitigate this risk or impose strict header management as an immediate workaround.
Affected Version(s)
Apache Camel 4.0.0 < 4.14.8
Apache Camel 4.15.0 < 4.18.3
Apache Camel 4.19.0 < 4.21.0