securityonline.info 7/10/2026, 6:50:51 PM · external

Apache Camel fixes SSRF, header injection and Keycloak auth bugs

Apache Camel fixes SSRF, header injection and Keycloak auth bugs
CyberSIXT Evidence Panel
Primary Source camel.apache.org

THE Apache Camel project has patched four high-severity vulnerabilities across multiple components, primarily allowing attackers to inject control headers and execute server-side request forgery (SSRF) attacks, alongside a critical authentication bypass in camel-keycloak. The header injection vulnerabilities can expose secrets by resolving placeholders for environment variables and application properties on attacker-defined URIs.

The Keycloak flaw could lead to unauthorized access via a non-restricted bearer token due to default policy misconfigurations. Users are advised to upgrade to version 4.21.0 or later to mitigate these risks, and temporary measures include stripping Camel headers and enhancing authentication protocols.

View Primary Source Via securityonline.info

Article by CyberSIXT