PatchSiren cyber security CVE debrief
CVE-2026-48204 Apache CVE debrief
CVE-2026-48204 is a critical vulnerability in Apache Camel's Camel Mongodb Gridfs component. The vulnerability allows an attacker to perform unintended GridFS operations, including file deletion, enumeration, and reading, by manipulating the gridfs.operation header in an HTTP request. This issue affects Apache Camel versions from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, and from 4.19.0 before 4.21.0.
- Vendor
- Apache
- Product
- Camel
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-06
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-06
- Advisory updated
- 2026-07-08
Who should care
Users of Apache Camel, particularly those using the Camel Mongodb Gridfs component, should be aware of this vulnerability and take steps to mitigate it. This includes upgrading to a patched version of Apache Camel and implementing defensive measures to prevent exploitation.
Technical summary
The vulnerability exists in the camel-mongodb-gridfs producer, which selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set. An attacker can manipulate this header to perform unintended operations, including file deletion, enumeration, and reading. The vulnerability can be exploited without credentials when the bridging consumer is unauthenticated.
Defensive priority
High
Recommended defensive actions
- Upgrade to Apache Camel version 4.21.0 or later
- If using 4.14.x LTS releases, upgrade to 4.14.8
- If using 4.18.x releases, upgrade to 4.18.3
- Set an explicit operation on the mongodb-gridfs: endpoint
- Strip the gridfs.* headers from any untrusted ingress before the producer
- Use CamelGridFsOperation / CamelGridFsObjectId / CamelGridFsMetadata / CamelGridFsChunkSize / CamelGridFsFileId instead of gridfs.* names
Evidence notes
The vulnerability is caused by the use of plain strings for control-header constants, which allows an attacker to manipulate the gridfs.operation header. The issue can be mitigated by upgrading to a patched version of Apache Camel and implementing defensive measures.
Official resources
-
CVE-2026-48204 CVE record
CVE.org
-
CVE-2026-48204 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Mitigation, Vendor Advisory
-
Mitigation or vendor reference
af854a3a-2127-422b-91ae-364da2661108 - Mailing List, Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T09:16:37.760Z and has not been modified since then. The NVD entry is currently Analyzed.