CVE-2026-27172
high
CVSS v3
8.8
CVSS v2
—
VIR risk
8.8
Description
Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@apache.org — https://camel.apache.org/security/CVE-2026-27172.html
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.camel:camel-consul | >=3.0.0,<4.14.6 | 4.14.6 |
| Maven | org.apache.camel:camel-consul | >=4.15.0,<4.18.1 | 4.18.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | camel | >=3.0.0,<4.14.6 | 4.14.6 |
References
- https://camel.apache.org/security/CVE-2026-27172.html
- https://nvd.nist.gov/vuln/detail/CVE-2026-27172
- https://github.com/apache/camel/pull/21530
- https://github.com/apache/camel/pull/21531
- https://github.com/apache/camel/pull/21532
- https://github.com/apache/camel/commit/4b540e6e20bad4a4af19688b85a247bdb96c2e2d
- https://github.com/apache/camel/commit/4e3f709b97aef3ed99e3a52a99c752b37b104063
- https://github.com/apache/camel/commit/55dd9f8ce5f6db06f3946c3f3df1e2ea16e4f374
- https://github.com/apache/camel
- https://issues.apache.org/jira/browse/CAMEL-23029
- https://github.com/advisories/GHSA-5rc6-9qfp-8vwg
CWEs
CWE-502