Improper Input Validation in Apache Camel CXF SOAP Component
CVE-2026-46592
What is CVE-2026-46592?
The vulnerability in Apache Camel CXF SOAP component stems from improper input validation, where the camel-cxf producer can be manipulated to invoke unintended SOAP operations based on the operationName and operationNamespace headers. An attacker can exploit this flaw by sending crafted HTTP requests, potentially causing the system to perform unintended actions, such as invoking destructive operations on the backend SOAP service. This risk is particularly concerning due to the lack of required authentication for certain bridging consumers. Users are strongly advised to upgrade to version 4.21.0 or the respective LTS versions to implement necessary security measures.
Affected Version(s)
Apache Camel 4.0.0 < 4.14.8
Apache Camel 4.15.0 < 4.18.3
Apache Camel 4.19.0 < 4.21.0