Improper Authentication in Apache Camel Keycloak Component
CVE-2026-53913

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-53913?

The Apache Camel Keycloak Component contains a vulnerability where improper authentication leads to potential unauthorized access. The KeycloakSecurityPolicy’s default configuration may allow requests with invalid tokens to bypass checks entirely. This means that as long as a request carries a non-null value in the Authorization header, it can reach protected routes without undergoing necessary validation for role and permission checks. This flaw poses significant risks, especially when the protected route performs sensitive operations, including possible remote code execution. Users are advised to upgrade to Apache Camel version 4.21.0 or configure security policies with proper role or permission checks to mitigate this vulnerability.

Affected Version(s)

Apache Camel Keycloak 4.15.0 < 4.18.3

Apache Camel Keycloak 4.19.0 < 4.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lidor Ben Shitrit from Novee Security
Andrea Cosentino
.