oss-sec mailing list archives

CVE-2026-23552: Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy


From: Andrea Cosentino <acosentino () apache org>
Date: Wed, 18 Feb 2026 10:28:58 +0000

Severity: important 

Affected versions:

- Apache Camel (org.apache.camel:camel-keycloak) 4.15.0 before 4.18.0

Description:

Cross-realm token acceptance bypass in KeycloakSecurityPolicy of the Apache Camel Keycloak component: the policy could accept a token that was not issued for the realm it was configured to protect.

This issue affects Apache Camel: from 4.15.0 before 4.18.0.

Users are recommended to upgrade to version 4.18.0, which fixes the issue.

This issue is being tracked as CAMEL-22854.
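The advisory does not describe the defect in detail, so as an added illustration (not code from Apache Camel, and not the project's fix) the following Python snippet shows the realm binding a token check of this kind has to enforce: a Keycloak token carries the issuing realm in its iss claim, formatted as <base-url>/realms/<realm>, and a policy configured for one realm should reject tokens whose issuer names any other realm. The base URL, realm name and tokens below are constructed values; signature verification is assumed to happen separately and is deliberately left out so the example stays focused on the issuer comparison.

```python
import base64
import json

# Constructed configuration for the demonstration (hypothetical values,
# not taken from the advisory or from any real deployment).
KEYCLOAK_BASE_URL = "https://sso.example.test"
CONFIGURED_REALM = "orders"


def expected_issuer(base_url, realm):
    """Build the issuer string Keycloak puts in tokens for a given realm."""
    return f"{base_url.rstrip('/')}/realms/{realm}"


def decode_claims(token):
    """Return the payload claims of a compact JWT.

    This only parses the token; it does not verify the signature. In a real
    policy the signature check must run before any claim is trusted.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_bound_to_realm(claims, base_url, realm):
    """True only when iss names exactly the realm this policy protects."""
    return claims.get("iss") == expected_issuer(base_url, realm)


def check_token(token, base_url=KEYCLOAK_BASE_URL, realm=CONFIGURED_REALM):
    """Realm-binding check a policy would apply after signature verification."""
    return token_bound_to_realm(decode_claims(token), base_url, realm)


def make_demo_token(claims):
    """Constructed helper: emit a JWT-shaped string with an empty signature
    segment, purely so the decoder above has something to parse."""
    def b64(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64(claims)}."


if __name__ == "__main__":
    same_realm = make_demo_token({"iss": expected_issuer(KEYCLOAK_BASE_URL, "orders"), "sub": "alice"})
    other_realm = make_demo_token({"iss": expected_issuer(KEYCLOAK_BASE_URL, "staging"), "sub": "alice"})
    print("same realm accepted:", check_token(same_realm))    # True
    print("other realm accepted:", check_token(other_realm))  # False
```

The comparison is an exact string match on the full issuer URL rather than a substring or prefix test, so a realm named "orders-old" or an issuer on a different host cannot satisfy a policy configured for "orders"; a token with no iss claim at all is rejected for the same reason.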

Credit:

Andrea Cosentino (finder)
Andrea Cosentino (remediation developer)

References:

https://camel.apache.org/security/CVE-2026-23552.html
https://github.com/oscerd/CVE-2026-23552
https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-23552
https://issues.apache.org/jira/browse/CAMEL-22854

