CVE-2026-45760
Essential information
- Published
- 21/05/2026 13:16
- Modified
- 21/05/2026 19:16
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace.
This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
NVD status
- Status
- Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| apache / camel k | cpe:2.3:a:apache:camel_k:<2.8.1:*:*:*:*:*:*:* |
| apache / camel k | cpe:2.3:a:apache:camel_k:<2.9.2:*:*:*:*:*:*:* |
| apache / camel k | cpe:2.3:a:apache:camel_k:<2.10.1:*:*:*:*:*:*:* |