PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-48205 Apache CVE debrief

The Apache Camel DNS component has a vulnerability that allows for Server-Side Request Forgery (SSRF) attacks due to improper input validation. This issue affects Apache Camel versions from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, and from 4.19.0 before 4.21.0. The vulnerability allows an attacker to make the dig producer build a SimpleResolver pointing at an attacker-controlled DNS server, allowing for SSRF and internal network reconnaissance. Users of Apache Camel, especially those using the DNS component, should be aware of this vulnerability and take steps to mitigate it.

Vendor
Apache
Product
Camel
CVSS
CRITICAL 9.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-06
Original CVE updated
2026-07-08
Advisory published
2026-07-06
Advisory updated
2026-07-08

Who should care

Users of Apache Camel, especially those using the DNS component, should be aware of this vulnerability and take steps to mitigate it. This includes upgrading to version 4.21.0 or later, using CamelDnsServer / CamelDnsName / CamelDnsDomain / CamelDnsType / CamelDnsClass / CamelDnsTerm instead of dns.* / term names, stripping dns.* and term headers from untrusted ingress before the dns: producer, and setting DNS server and lookup parameters from a trusted source in the route.

Technical summary

The camel-dns producers read DNS operation parameters from Exchange message headers. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy lets them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer into a dns: producer, any HTTP client could set the dns.server header to make the dig producer build a SimpleResolver pointing at an attacker-controlled DNS server, allowing for SSRF and internal network reconnaissance.

Defensive priority

High

Recommended defensive actions

  • Upgrade to version 4.21.0 or later
  • Use CamelDnsServer / CamelDnsName / CamelDnsDomain / CamelDnsType / CamelDnsClass / CamelDnsTerm instead of dns.* / term names
  • Strip dns.* and term headers from untrusted ingress before the dns: producer
  • Set DNS server and lookup parameters from a trusted source in the route
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-06T09:16:37.880Z and was last modified on 2026-07-08T03:14:28.607Z. The NVD entry is currently Analyzed. This information is based on the CVE record and NVD entry. Users should verify the accuracy of this information with the official sources. The vulnerability affects Apache Camel versions from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, and from 4.19.0 before 4.21.0.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T09:16:37.880Z and has not been modified since then. The NVD entry is currently Analyzed.