CVE-2026-46587
Received
Received - Intake
Improper Input Validation in Apache Camel
Vulnerability report for CVE-2026-46587, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-06
Last updated on: 2026-07-06
Assigner: Apache Software Foundation
Description
Description
Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: through 4.14.7, from 4.15.0 through 4.18.2, from 4.19.0 through 4.20.0.
Users are recommended to upgrade to version 4.14.8, 4.18.3, 4.21.0, which fixes the issue.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | camel | to 4.14.7|start_including=4.15.0|end_including=4.18.2|start_including=4.19.0|end_including=4.20.0 (exc) |
| apache | camel | 4.14.8 |
| apache | camel | 4.18.3 |
| apache | camel | 4.21.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |