Improper Authentication in Apache Camel Keycloak Component
CVE-2026-53913
What is CVE-2026-53913?
The Apache Camel Keycloak Component contains a vulnerability where improper authentication leads to potential unauthorized access. The KeycloakSecurityPolicy’s default configuration may allow requests with invalid tokens to bypass checks entirely. This means that as long as a request carries a non-null value in the Authorization header, it can reach protected routes without undergoing necessary validation for role and permission checks. This flaw poses significant risks, especially when the protected route performs sensitive operations, including possible remote code execution. Users are advised to upgrade to Apache Camel version 4.21.0 or configure security policies with proper role or permission checks to mitigate this vulnerability.
Affected Version(s)
Apache Camel Keycloak 4.15.0 < 4.18.3
Apache Camel Keycloak 4.19.0 < 4.21.0