Server-Side Request Forgery and Injection Risk in Apache Camel Solr Component
CVE-2026-48203
What is CVE-2026-48203?
A vulnerability exists in the Apache Camel Solr component that allows an attacker to exploit improper input validation and header handling. Specifically, malicious users can manipulate Exchange message headers intended for Solr requests, potentially leading to server-side request forgery (SSRF) attacks. This situation arises when headers prefixed with SolrParam. and SolrField. are not adequately filtered, allowing for arbitrary Solr parameters to be injected into requests. This could lead to unauthorized access to internal services or metadata endpoints. Users are advised to upgrade to the latest versions (4.21.0 or 4.14.8) to mitigate this vulnerability. In scenarios where immediate upgrading is not feasible, it is essential to strip untrusted Solr headers prior to the Solr producer or utilize trusted sources for necessary parameters.
Affected Version(s)
Apache Camel 4.0.0 < 4.14.8
Apache Camel 4.15.0 < 4.18.3
Apache Camel 4.19.0 < 4.21.0