CVE-2026-48204

Apache Software Foundation · Apache Camel

An input validation vulnerability in the Apache Camel MongoDB GridFS component allows unauthenticated remote attackers to perform unauthorized operations or NoSQL injection via crafted HTTP headers.

Executive summary

An improper input validation flaw in Apache Camel's MongoDB GridFS component allows unauthenticated attackers to manipulate file operations and perform NoSQL injection attacks.

Vulnerability

The camel-mongodb-gridfs component fails to properly filter internal headers, allowing an unauthenticated remote attacker to inject control headers that override intended operations. This facilitates unauthorized file deletion, enumeration, or NoSQL operator injection into the backend MongoDB database.

Business impact

Successful exploitation poses a critical risk to data integrity and availability, as an attacker can delete or exfiltrate sensitive files stored in GridFS. With a CVSS score of 9.8, this vulnerability represents a severe threat to systems utilizing Apache Camel for data integration, potentially leading to total system compromise or data loss.

Remediation

Immediate Action: Upgrade to Apache Camel version 4.21.0, 4.14.8, or 4.18.3 depending on your active LTS stream.

Proactive Monitoring: Monitor logs for unexpected gridfs.* header activity and anomalous MongoDB database queries originating from Camel routes.

Compensating Controls: Explicitly set operations on mongodb-gridfs endpoints to prevent header-based overrides and configure ingress filters to strip gridfs.* headers from untrusted traffic.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This vulnerability is critical due to the ease of unauthenticated exploitation and the potential for full data access or destruction. Organizations must prioritize patching or implementing the suggested endpoint configurations immediately to prevent potential data breaches.