Improper Input Validation and Access Control in Apache Camel's Mongodb GridFS Component
CVE-2026-48204
Currently unrated
What is CVE-2026-48204?
A vulnerability exists in Apache Camel's Mongodb GridFS component due to improper input validation and access control. This issue arises when the producer selects GridFS operations based on unvalidated headers when not explicitly set. An attacker can exploit this by injecting crafted headers, allowing unauthorized operations such as deleting files, listing all files, or reading sensitive information without authentication. Affected users should upgrade to version 4.21.0 or appropriate LTS versions to mitigate this risk, ensuring that header names are securely managed.
Affected Version(s)
Apache Camel 4.0.0 < 4.14.8
Apache Camel 4.15.0 < 4.18.3
Apache Camel 4.19.0 < 4.21.0