Message-ID: <93363667-8e34-0e9b-ce43-04896cf20365@apache.org>
Date: Wed, 18 Feb 2026 10:28:58 +0000
From: Andrea Cosentino <acosentino@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2026-23552: Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy

Severity: important

Affected versions:

- Apache Camel (org.apache.camel:camel-keycloak) 4.15.0 before 4.18.0

Description:

Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component.

This issue affects Apache Camel: from 4.15.0 before 4.18.0.

Users are recommended to upgrade to version 4.18.0, which fixes the issue.

This issue is being tracked as CAMEL-22854

Credit:

Andrea Cosentino (finder)
Andrea Cosentino (remediation developer)

References:

https://camel.apache.org/security/CVE-2026-23552.html
https://github.com/oscerd/CVE-2026-23552
https://camel.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-23552
https://issues.apache.org/jira/browse/CAMEL-22854