Improper Input Validation and Access Control in Apache Camel's Mongodb GridFS Component
CVE-2026-48204

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-48204?

A vulnerability exists in Apache Camel's Mongodb GridFS component due to improper input validation and access control. This issue arises when the producer selects GridFS operations based on unvalidated headers when not explicitly set. An attacker can exploit this by injecting crafted headers, allowing unauthorized operations such as deleting files, listing all files, or reading sensitive information without authentication. Affected users should upgrade to version 4.21.0 or appropriate LTS versions to mitigate this risk, ensuring that header names are securely managed.

Affected Version(s)

Apache Camel 4.0.0 < 4.14.8

Apache Camel 4.15.0 < 4.18.3

Apache Camel 4.19.0 < 4.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao from PayPal
Andrea Cosentino
.