Improper Input Validation Vulnerability in Apache Camel Mail Component
CVE-2026-46584

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-46584?

An improper input validation vulnerability in the Apache Camel Mail Component allows for the potential exposure of sensitive information due to untrusted input being processed without proper filtering. Specifically, the MailProducer may construct JavaMail sessions with headers from untrusted sources, leading to the risk of credential exposure or weakened security during email transmission. The vulnerability affects several versions and can be mitigated by upgrading to the latest version or by implementing header filtering practices.

Affected Version(s)

Apache Camel Mail 4.0.0 < 4.14.8

Apache Camel Mail 4.15.0 < 4.18.3

Apache Camel Mail 4.19.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao from PayPal
.