Authorization Bypass in Apache Camel Salesforce Component
CVE-2026-49099

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-49099?

The Apache Camel Salesforce Component is susceptible to an authorization bypass due to improper handling of special elements in output. This vulnerability allows an attacker to manipulate SOQL queries, SOSL searches, and other Salesforce operations by controlling the HTTP headers that are passed through the integration route. By crafting a malicious request, an unauthorized user could exploit this issue to override intended operations and execute unauthorized commands with the full permissions of the Salesforce integration user. To mitigate this risk, users should upgrade to the specified versions and implement best practices for handling sensitive operations within their integrations.

Affected Version(s)

Apache Camel Salesforce 4.0.0 < 4.14.8

Apache Camel Salesforce 4.15.0 < 4.18.3

Apache Camel Salesforce 4.19.0 < 4.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao from PayPal
Andrea Cosentino
.