CVE-2026-40047
Received Received - Intake

Argument Injection in Apache Camel Docling Component

Vulnerability report for CVE-2026-40047, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-06

Last updated on: 2026-07-06

Assigner: Apache Software Foundation

Description

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Camel Docling component. The camel-docling component invokes the external `docling` command-line tool by assembling an argument list in DoclingProducer and executing it through java.lang.ProcessBuilder. Custom CLI arguments supplied through the `CamelDoclingCustomArguments` exchange header (a List<String>) were appended to that argument list with insufficient validation: the original implementation relied on a denylist of disallowed flags and only rejected path values that contained a literal `../` sequence. As a result, a Camel route that forwards externally-influenced data into the `CamelDoclingCustomArguments` header (or into the path-bearing headers used to build the invocation) could cause the producer to pass unrecognized or unintended `docling` CLI flags to the subprocess, and could supply path-like argument values that resolved outside the intended directory through traversal sequences not caught by the literal `../` check. Because Camel itself builds the `docling` invocation from these values, the component is responsible for constraining them, and the weak validation allowed CLI-argument injection and directory traversal in the arguments passed to the external tool. The invocation uses the list-based form of ProcessBuilder, so a shell does not interpret the argument values; OS command injection through shell metacharacters was not possible, and the metacharacter rejection added by the fix is defense-in-depth. This issue affects Apache Camel: from 4.15.0 before 4.18.3. Users are recommended to upgrade to a release that contains the CAMEL-23212 fix. On the mainline the fix is included from Apache Camel 4.19.0 (and later releases such as 4.20.0). For users on the 4.18.x LTS releases stream, upgrade to 4.18.3. The fix replaces the denylist with a strict allowlist of recognized `docling` CLI flags (rejecting any unrecognized flag, and rejecting producer-managed flags such as the output-directory flags), defensively rejects shell metacharacters in argument values, and normalizes path-like values with Path.normalize() before validating them so that traversal sequences which bypass a literal `../` check are detected. As defence in depth, route authors should avoid mapping untrusted message content into the `CamelDoclingCustomArguments` header and the path-bearing headers, and should strip Camel-internal headers from messages that arrive from untrusted producers.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-06
Last Modified
2026-07-06
Generated
2026-07-06
AI Q&A
2026-07-06
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
apache camel 4.15.0
apache camel to 4.18.3 (exc)
apache camel 4.19.0
apache camel 4.20.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-88 The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-40047 is a vulnerability in Apache Camel's camel-docling component where custom command-line arguments are insufficiently validated before being passed to the external 'docling' tool.

The component appends user-supplied CLI arguments from the CamelDoclingCustomArguments header to the docling command invocation using ProcessBuilder. The original validation relied on a denylist of disallowed flags and only rejected path values containing a literal '../' sequence, which was not enough.

As a result, attackers can inject unrecognized or unintended CLI flags or supply path-like arguments that bypass the simple '../' check, leading to argument injection and directory traversal attacks.

The vulnerability affects Apache Camel versions from 4.15.0 up to but not including 4.18.3.

Impact Analysis

This vulnerability can allow an attacker to inject unintended command-line arguments into the external docling tool invocation, potentially causing it to behave in unexpected ways.

Additionally, by exploiting directory traversal sequences that bypass the weak validation, an attacker could cause the tool to access or manipulate files outside the intended directories.

Such unauthorized access or manipulation could lead to information disclosure, data corruption, or other security issues depending on the context in which the docling tool is used.

Detection Guidance

Detection of this vulnerability involves identifying if your Apache Camel deployment uses the camel-docling component with versions from 4.15.0 up to but not including 4.18.3, and if it processes untrusted input through the CamelDoclingCustomArguments exchange header.

Since the vulnerability arises from improper validation of CLI arguments passed to the external docling tool, you can check for suspicious or unexpected CLI flags or path-like arguments in logs or traces of the DoclingProducer invocations.

There are no specific commands provided in the available resources to detect exploitation attempts or presence of the vulnerability on your system or network.

Mitigation Strategies

The primary mitigation step is to upgrade Apache Camel to a version that contains the fix for this vulnerability: either version 4.18.3 (for the 4.18.x LTS stream) or 4.19.0 and later (mainline releases).

The fix includes replacing the denylist with a strict allowlist of recognized docling CLI flags, rejecting shell metacharacters in argument values, and normalizing path-like values to detect traversal sequences.

As a defense-in-depth measure, route authors should avoid mapping untrusted message content into the CamelDoclingCustomArguments header and related path-bearing headers.

Additionally, strip Camel-internal headers from messages that arrive from untrusted producers to reduce risk.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40047. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart