Improper Input Validation in Apache Camel JIRA Component
CVE-2026-48206

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-48206?

The Apache Camel JIRA component is susceptible to an improper input validation and authorization bypass vulnerability. This occurs due to the way it processes operation parameters from Exchange message headers without adequate filtering. The headers, such as IssueKey, ProjectKey, and IssueTransitionId, can be manipulated through unauthenticated HTTP requests, allowing unauthorized operations against the JIRA instance. Attackers may take advantage of this vulnerability to delete or transition issues, create issues in different projects, or modify existing issue fields using the configured service account's permissions. Users are advised to upgrade to the latest versions to mitigate this risk and implement additional controls for untrusted inputs.

Affected Version(s)

Apache Camel JIRA 4.0.0 < 4.14.8

Apache Camel JIRA 4.15.0 < 4.18.3

Apache Camel JIRA 4.19.0 < 4.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao from PayPal
Andrea Cosentino
.