Server-Side Request Forgery Vulnerability in Apache Camel DNS Component
CVE-2026-48205

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-48205?

An input validation flaw in Apache Camel's DNS component enables attackers to exploit an SSRF vulnerability. This weakness permits manipulation of DNS operation parameters through Headers that lack proper filtering, allowing attackers to direct requests to malicious DNS servers. The vulnerability could lead to information disclosure about internal hostnames and reconnaissance of the network without the need for authentication. It is advised to upgrade to the patched versions or to implement header filtering and validation to mitigate potential attacks.

Affected Version(s)

Apache Camel DNS 4.0.0 < 4.14.8

Apache Camel DNS 4.15.0 < 4.18.3

Apache Camel DNS 4.19.0 < 4.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao from PayPal
Andrea Cosentino
.