High severity 8.1 · NVD Advisory · Published May 21, 2026 · Updated May 23, 2026
CVE-2026-45760
Description
Externally Controlled Reference to a Resource in Another Sphere and Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource and thereby control Pod generation in a namespace of their choice, including the operator namespace.
This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/apache/camel-k/v2 (Go) | < 2.8.1 | 2.8.1 |
| github.com/apache/camel-k/v2 (Go) | >= 2.9.0, < 2.9.2 | 2.9.2 |
| github.com/apache/camel-k/v2 (Go) | >= 2.10.0, < 2.10.1 | 2.10.1 |
References
- github.com/advisories/GHSA-q8ch-jx67-q52x (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-45760 (ghsa, ADVISORY)
- www.openwall.com/lists/oss-security/2026/05/21/8 (nvd, WEB)
- camel.apache.org/security/CVE-2026-45760.html (nvd, WEB)
- github.com/apache/camel-k/commit/1271df076f3123f5e4ec58e066e284236b1a8fb5 (ghsa, WEB)
- github.com/apache/camel-k/commit/1efa3982f4dbce0ae1f896f4003a16cae6d81ba2 (ghsa, WEB)
- github.com/apache/camel-k/commit/35dd387f58464608ab4764f67bde786cf09bc39d (ghsa, WEB)
- github.com/apache/camel-k/pull/6626 (ghsa, WEB)
- github.com/apache/camel-k/pull/6627 (ghsa, WEB)
- github.com/apache/camel-k/pull/6629 (ghsa, WEB)