Authorization Bypass in Apache Camel Salesforce Component
CVE-2026-49099
What is CVE-2026-49099?
The Apache Camel Salesforce Component is susceptible to an authorization bypass due to improper handling of special elements in output. This vulnerability allows an attacker to manipulate SOQL queries, SOSL searches, and other Salesforce operations by controlling the HTTP headers that are passed through the integration route. By crafting a malicious request, an unauthorized user could exploit this issue to override intended operations and execute unauthorized commands with the full permissions of the Salesforce integration user. To mitigate this risk, users should upgrade to the specified versions and implement best practices for handling sensitive operations within their integrations.
Affected Version(s)
Apache Camel Salesforce 4.0.0 < 4.14.8
Apache Camel Salesforce 4.15.0 < 4.18.3
Apache Camel Salesforce 4.19.0 < 4.21.0