PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-48204 Apache CVE debrief

CVE-2026-48204 is a critical vulnerability in Apache Camel's Camel Mongodb Gridfs component. The vulnerability allows an attacker to perform unintended GridFS operations, including file deletion, enumeration, and reading, by manipulating the gridfs.operation header in an HTTP request. This issue affects Apache Camel versions from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, and from 4.19.0 before 4.21.0.

Vendor
Apache
Product
Camel
CVSS
CRITICAL 9.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-06
Original CVE updated
2026-07-08
Advisory published
2026-07-06
Advisory updated
2026-07-08

Who should care

Users of Apache Camel, particularly those using the Camel Mongodb Gridfs component, should be aware of this vulnerability and take steps to mitigate it. This includes upgrading to a patched version of Apache Camel and implementing defensive measures to prevent exploitation.

Technical summary

The vulnerability exists in the camel-mongodb-gridfs producer, which selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set. An attacker can manipulate this header to perform unintended operations, including file deletion, enumeration, and reading. The vulnerability can be exploited without credentials when the bridging consumer is unauthenticated.

Defensive priority

High

Recommended defensive actions

  • Upgrade to Apache Camel version 4.21.0 or later
  • If using 4.14.x LTS releases, upgrade to 4.14.8
  • If using 4.18.x releases, upgrade to 4.18.3
  • Set an explicit operation on the mongodb-gridfs: endpoint
  • Strip the gridfs.* headers from any untrusted ingress before the producer
  • Use CamelGridFsOperation / CamelGridFsObjectId / CamelGridFsMetadata / CamelGridFsChunkSize / CamelGridFsFileId instead of gridfs.* names

Evidence notes

The vulnerability is caused by the use of plain strings for control-header constants, which allows an attacker to manipulate the gridfs.operation header. The issue can be mitigated by upgrading to a patched version of Apache Camel and implementing defensive measures.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T09:16:37.760Z and has not been modified since then. The NVD entry is currently Analyzed.