CVE-2026-45760— Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
Affected Version Matrix 3
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Camel K | 2.0.0< 2.8.1 | affected |
2.9.0< 2.9.2 | affected | ||
2.10.0< 2.10.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-45760
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
Source: NVD (National Vulnerability Database)
Vulnerability Description
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace. This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
资源在另一范围的外部可控制索引
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Camel K 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Camel K是美国阿帕奇(Apache)基金会的一个面向Kubernetes与云原生环境的集成运行平台。 Apache Camel K 2.0.0至2.8.1之前版本、2.9.0至2.9.2之前版本和2.10.0至2.10.1之前版本存在安全漏洞,该漏洞源于外部控制资源引用和授权绕过问题,可能导致Kubernetes命名空间中授权用户创建Build资源,控制其选择的命名空间中的Pod生成,包括操作员命名空间。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Camel K | 2.0.0 ~ 2.8.1 | - |
II. Public POCs for CVE-2026-45760
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-45760
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-45760 (1)
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-42797
Apache Syncope: JexlContextBuilder Information Disclosure - CVE-2026-42782
Apache Syncope: Post-auth RCE via Groovy static - CVE-2026-46745
Apache Airflow FAB provider: LDAP Filter Injection in FAB Au - CVE-2026-45361
Apache Airflow Google provider: SSH host key verification di - CVE-2026-45249
Apache ECharts: XSS in Lines series tooltip rendering
Same weakness: CWE-610
V. Comments for CVE-2026-45760
No comments yet