Improper Input Validation in Apache Camel JIRA Component
CVE-2026-48206
What is CVE-2026-48206?
The Apache Camel JIRA component is susceptible to an improper input validation and authorization bypass vulnerability. This occurs due to the way it processes operation parameters from Exchange message headers without adequate filtering. The headers, such as IssueKey, ProjectKey, and IssueTransitionId, can be manipulated through unauthenticated HTTP requests, allowing unauthorized operations against the JIRA instance. Attackers may take advantage of this vulnerability to delete or transition issues, create issues in different projects, or modify existing issue fields using the configured service account's permissions. Users are advised to upgrade to the latest versions to mitigate this risk and implement additional controls for untrusted inputs.
Affected Version(s)
Apache Camel JIRA 4.0.0 < 4.14.8
Apache Camel JIRA 4.15.0 < 4.18.3
Apache Camel JIRA 4.19.0 < 4.21.0