CVE-2026-46726
Apache Software Foundation · Apache Camel Vertx Websocket
A Server-Side Request Forgery (SSRF) and information exposure vulnerability exists in the Apache Camel Vertx Websocket component due to improper input validation.
Executive summary
A high-severity SSRF vulnerability in Apache Camel Vertx Websocket allows unauthenticated attackers to perform unauthorized requests and expose sensitive information.
Vulnerability
The vulnerability involves improper input validation (CWE-20) leading to Server-Side Request Forgery (CWE-918) and information exposure (CWE-200). An unauthenticated attacker can manipulate the Vertx Websocket component to force the server to make unauthorized requests to internal resources.
Business impact
The ability to perform SSRF attacks allows an attacker to interact with internal services that are otherwise protected from the public internet. With a CVSS score of 7.5, this high-severity flaw could lead to the exposure of internal configuration data, cloud metadata, or unauthorized access to backend systems.
Remediation
Immediate Action: Upgrade to version 4.14.8, 4.18.3, 4.21.0 or later as advised by the Apache Camel security team.
Proactive Monitoring: Monitor network traffic originating from the server for unexpected outbound requests to internal or restricted network segments.
Compensating Controls: Ensure the application runs with the principle of least privilege, restricting network egress to only necessary endpoints via firewall rules or network security groups.
Exploitation status
Public Exploit Available: false
Analyst recommendation
SSRF vulnerabilities often serve as a gateway to deeper infrastructure compromise. IT administrators should treat this update with high priority and verify that the affected Camel components are updated to the patched versions immediately.