HIGH CVE-2026-45760 Published Modified CNA apache
CVE-2026-45760: Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
Externally Controlled Reference to a Resource in Another Sphere and Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource and thereby control Pod generation in a namespace of their choice, including the operator namespace. This issue affects Apache Camel K from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, and from 2.10.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
Metrics
- CVSS v3.1: 8.1
- Severity: HIGH
- Fixed in: 2.8.1
- Affected Products: 1
Fix available
2.8.1, 2.9.2, 2.10.1
Affected packages
- Apache Software Foundation / Apache Camel K: < 2.8.1 (from 2.0.0) · < 2.9.2 (from 2.9.0) · < 2.10.1 (from 2.10.0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References