RHSA-2026:19835CriticalCVSS 9.9
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.SP2)
🔗 CVE IDs covered (5)
📋 Description
CVE-2026-33454 — Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection CVE-2026-40453 — Apache Camel: org.apache.camel: Apache Camel: Remote Code Execution and Arbitrary File Write via case-variant header injection CVE-2026-42402 — org.apache.neethi: Apache Neethi: Denial of Service via algorithmic complexity in policy normalization CVE-2026-42403 — org.apache.neethi: Apache Neethi: Denial of Service via circular policy references CVE-2026-42404 — Apache Neethi: Apache Neethi: Information disclosure and network access bypass via PolicyReference API
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2026:19835
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://access.redhat.com/security/cve/CVE-2026-42403
- externalhttps://access.redhat.com/security/cve/CVE-2026-42404
- externalhttps://access.redhat.com/security/cve/CVE-2026-42402
- externalhttps://access.redhat.com/security/cve/CVE-2026-40453
- externalhttps://access.redhat.com/security/cve/CVE-2026-33454
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2463173
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2463181
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464314
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464315
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464324
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19835.json