Home

Description

(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace. This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-21 | Updated 2026-05-21 | Assigner apache

Problem types

CWE-610 (Externally Controlled Reference to a Resource in Another Sphere)

CWE-639 (Authorization Bypass Through User-Controlled Key)

Product status

Default status
unaffected

2.0.0 (semver) before 2.8.1
affected

2.9.0 (semver) before 2.9.2
affected

2.10.0 (semver) before 2.10.1
affected

Credits

@j311yl0v3u (2439839508@qq.com) finder

@b0b0haha (603571786@qq.com) finder

References

www.openwall.com/lists/oss-security/2026/05/21/8

camel.apache.org/security/CVE-2026-45760.html vendor-advisory

cve.org (CVE-2026-45760)

nvd.nist.gov (CVE-2026-45760)

Download JSON