Vulnerability Description
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace. This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
Related Weaknesses (CWE)
References
- https://camel.apache.org/security/CVE-2026-45760.html
- http://www.openwall.com/lists/oss-security/2026/05/21/8
FAQ
What is CVE-2026-45760?
CVE-2026-45760 is a documented vulnerability. (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can cr...
How severe is CVE-2026-45760?
CVSS scoring is not yet available for CVE-2026-45760. Check NVD for updates.
Is there a patch for CVE-2026-45760?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.