Improper Input Validation in Apache Camel AWS SNS Component
CVE-2026-56140

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-56140?

An improper input validation vulnerability exists in the Apache Camel AWS SNS component due to a missing inbound filter rule in the Sns2HeaderFilterStrategy. While the component filters outgoing headers, the lack of an inbound filter can lead to potential security risks. However, the producer-only nature of the camel-aws2-sns component means that there are no known paths for exploitation. This issue has been addressed in subsequent versions, with the addition of an appropriate inbound filter to enhance security. Users are encouraged to upgrade to the latest versions for improved protection and adhere to best practices in permissions management.

Affected Version(s)

Apache Camel AWS2 SNS 4.0.0 < 4.14.8

Apache Camel AWS2 SNS 4.15.0 < 4.18.3

Apache Camel AWS2 SNS 4.19.0 < 4.21.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yu Bao from PayPal
Andrea Cosentino
.