Improper Input Validation in Apache Camel IRC Component
CVE-2026-49097

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-49097?

The Apache Camel IRC component is vulnerable due to improper input validation that allows an attacker to manipulate the destination of IRC messages. This occurs when an HTTP route passes headers from an inbound request without proper filtering, allowing any client to redirect messages meant for a configured channel to an arbitrary IRC channel or user. This could result in message exfiltration or delivery of malicious content appearing to be from the bot. Users are advised to upgrade to appropriate patched versions to mitigate this issue.

Affected Version(s)

Apache Camel 4.0.0 < 4.14.8

Apache Camel 4.15.0 < 4.18.3

Apache Camel 4.19.0 < 4.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao from PayPal
Andrea Cosentino
.