Improper Input Validation in Apache Camel CXF SOAP Component
CVE-2026-46592

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-46592?

The vulnerability in Apache Camel CXF SOAP component stems from improper input validation, where the camel-cxf producer can be manipulated to invoke unintended SOAP operations based on the operationName and operationNamespace headers. An attacker can exploit this flaw by sending crafted HTTP requests, potentially causing the system to perform unintended actions, such as invoking destructive operations on the backend SOAP service. This risk is particularly concerning due to the lack of required authentication for certain bridging consumers. Users are strongly advised to upgrade to version 4.21.0 or the respective LTS versions to implement necessary security measures.

Affected Version(s)

Apache Camel 4.0.0 < 4.14.8

Apache Camel 4.15.0 < 4.18.3

Apache Camel 4.19.0 < 4.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao from Paypal
Andrea Cosentino
.