CVE-2026-48204
Apache Software Foundation · Apache Camel
An input validation vulnerability in the Apache Camel MongoDB GridFS component allows unauthenticated remote attackers to perform unauthorized operations or NoSQL injection via crafted HTTP headers.
Executive summary
An improper input validation flaw in Apache Camel's MongoDB GridFS component allows unauthenticated attackers to manipulate file operations and perform NoSQL injection attacks.
Vulnerability
The camel-mongodb-gridfs component fails to properly filter internal headers, allowing an unauthenticated remote attacker to inject control headers that override intended operations. This facilitates unauthorized file deletion, enumeration, or NoSQL operator injection into the backend MongoDB database.
Business impact
Successful exploitation poses a critical risk to data integrity and availability, as an attacker can delete or exfiltrate sensitive files stored in GridFS. With a CVSS score of 9.8, this vulnerability represents a severe threat to systems utilizing Apache Camel for data integration, potentially leading to total system compromise or data loss.
Remediation
Immediate Action: Upgrade to Apache Camel version 4.21.0, 4.14.8, or 4.18.3 depending on your active LTS stream.
Proactive Monitoring: Monitor logs for unexpected gridfs.* header activity and anomalous MongoDB database queries originating from Camel routes.
Compensating Controls: Explicitly set operations on mongodb-gridfs endpoints to prevent header-based overrides and configure ingress filters to strip gridfs.* headers from untrusted traffic.
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability is critical due to the ease of unauthenticated exploitation and the potential for full data access or destruction. Organizations must prioritize patching or implementing the suggested endpoint configurations immediately to prevent potential data breaches.