CVE-2026-40047

Apache Software Foundation · Apache Camel

An argument injection vulnerability in the Apache Camel Docling component allows attackers to inject malicious CLI flags and perform directory traversal via improperly sanitized exchange headers.

Executive summary

An argument injection vulnerability in Apache Camel’s Docling component enables attackers to manipulate system command execution, potentially leading to unauthorized file access.

Vulnerability

The component uses insufficient validation when constructing command-line arguments for the docling tool. An attacker can supply malicious flags or traversal sequences through the CamelDoclingCustomArguments header, which are then passed to the subprocess.

Business impact

A successful exploit could allow an attacker to read files outside of the intended directory or influence the behavior of the external docling tool. Given the CVSS score of 9.1, this is a critical issue that could lead to significant data exposure if the application handles untrusted input within these specific headers.

Remediation

Immediate Action: Upgrade to Apache Camel 4.19.0 or 4.18.3 to apply the strict allowlist and path normalization fixes.

Proactive Monitoring: Review Camel routes for any mapping of untrusted message content into the CamelDoclingCustomArguments header.

Compensating Controls: Implement strict input validation at the edge and strip internal Camel headers from messages originating from untrusted sources before they reach the Docling producer.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability presents a high risk of argument injection. Organizations should prioritize patching to the recommended versions and ensure that header sanitization is enforced across all Camel routes to prevent untrusted data from reaching the Docling component.