CVE-2026-48203
Apache Software Foundation · Apache Camel
The Apache Camel Solr component is vulnerable to SSRF and parameter injection due to improper header validation, allowing unauthenticated attackers to manipulate requests via crafted HTTP headers.
Executive summary
An unauthenticated remote attacker can exploit an SSRF and parameter injection vulnerability in Apache Camel, potentially leading to unauthorized internal network access and data manipulation.
Vulnerability
This vulnerability involves improper neutralization of input in the Solr component, where specific message headers are not correctly filtered. Unauthenticated attackers can inject arbitrary Solr parameters—such as 'shards' or 'stream.url'—to perform SSRF or inject malicious fields into indexed documents.
Business impact
The ability for an unauthenticated user to perform server-side requests poses a significant risk to internal infrastructure, as attackers can bypass perimeter defenses to interact with internal services or cloud metadata endpoints. With a CVSS score of 9.1, this critical vulnerability could lead to total compromise of data integrity and unauthorized information disclosure, directly impacting system confidentiality and operational security.
Remediation
Immediate Action: Upgrade to Apache Camel version 4.21.0, or the version 4.14.8 or 4.18.3 LTS releases as applicable to your environment.
Proactive Monitoring: Review ingress traffic logs for suspicious HTTP headers containing 'SolrParam.' or 'SolrField.' prefixes, which indicate attempts to leverage this injection path.
Compensating Controls: If patching is delayed, implement a WAF or ingress filter to strip 'SolrParam.' and 'SolrField.' headers from untrusted external requests before they reach the Camel route.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the critical severity and the ease of exploitation via unauthenticated network requests, organizations should prioritize patching as an urgent task. Ensure that post-patching, all routes are updated to utilize the new 'CamelSolrParam.' and 'CamelSolrField.' prefixes to maintain secure communication with Solr instances.