CVE-2026-48204 in Camelinfo

Summary

by MITRE • 07/06/2026

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component.

The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the default. The control-header constants (GridFsConstants.GRIDFS_OPERATION, GRIDFS_OBJECT_ID, GRIDFS_METADATA, GRIDFS_CHUNKSIZE, GRIDFS_FILE_ID_PRODUCED) were the plain strings gridfs.operation, gridfs.objectid, gridfs.metadata, gridfs.chunksize and gridfs.fileid. Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that bridges an HTTP consumer (for example platform-http) into a mongodb-gridfs: producer with no explicit operation, any HTTP client could therefore set the gridfs.operation header to override the route's intended operation - switching, for example, a file upload to remove (deleting a file identified by the attacker-supplied gridfs.objectid), listAll (enumerating every file in the bucket) or findOne (reading a file) - and supply a gridfs.metadata value that is parsed as a MongoDB document, enabling NoSQL operator injection. No credentials are required when the bridging consumer is unauthenticated. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0.

Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that drive GridFS operations or metadata via the raw header names must use CamelGridFsOperation / CamelGridFsObjectId / CamelGridFsMetadata / CamelGridFsChunkSize / CamelGridFsFileId instead of the gridfs.* names. For deployments that cannot upgrade immediately, set an explicit operation on the mongodb-gridfs: endpoint so the operation is not taken from a header, and strip the gridfs.* headers from any untrusted ingress before the producer.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 07/06/2026

The vulnerability described represents a critical security flaw in Apache Camel's MongoDB GridFS component that combines improper input validation with inadequate access control mechanisms. This issue manifests when the camel-mongodb-gridfs producer component processes Exchange headers without proper sanitization, creating a path for attackers to manipulate database operations through HTTP requests. The root cause lies in the component's reliance on plain string header names that do not conform to Camel's standard naming conventions, specifically the gridfs.operation, gridfs.objectid, gridfs.metadata, gridfs.chunksize, and gridfs.fileid constants. These headers bypass the HttpHeaderFilterStrategy's namespace filtering which only blocks the camel prefix, allowing malicious values to flow directly from HTTP inbound requests into the Exchange processing pipeline.

The technical exploitation of this vulnerability occurs through a route that bridges HTTP consumers such as platform-http directly to MongoDB GridFS producers without explicit operation parameters. When no explicit operation is defined at the endpoint level, the system defaults to reading the operation from the gridfs.operation header, which can be manipulated by any unauthenticated HTTP client. This creates an attack surface where an attacker can switch between different GridFS operations including file deletion, enumeration of all files in a bucket, or file retrieval simply by setting the appropriate header values. The vulnerability is particularly dangerous because it enables NoSQL operator injection through the gridfs.metadata field, which is parsed as a MongoDB document and can contain malicious operators like $or, $and, or $ne that bypass normal query validation. This attack vector operates entirely without requiring authentication credentials when the bridging consumer remains unauthenticated, making it especially perilous in exposed environments.

From a security impact perspective, this vulnerability maps directly to CWE-20 (Improper Input Validation) and CWE-285 (Improper Access Control) with potential ATT&CK mappings to T1078 (Valid Accounts), T1190 (Exploit Public-Facing Application), and T1046 (Network Service Scanning). The operational consequences are severe as attackers can perform unauthorized file operations including deletion of critical files, enumeration of entire file systems within the GridFS bucket, and extraction of sensitive data through file retrieval. Organizations using affected Apache Camel versions face significant risk exposure particularly in environments where HTTP endpoints are publicly accessible or where insufficient authentication mechanisms protect the bridging consumers. The vulnerability affects multiple release streams with specific fixed versions: 4.21.0 for the main branch, 4.14.8 for LTS, and 4.18.3 for the 4.18.x series, indicating that this was a widespread issue affecting numerous deployments across different stability channels.

The recommended remediation strategy involves upgrading to the patched versions while maintaining backward compatibility considerations for existing deployments. For environments unable to upgrade immediately, administrators should implement explicit operation parameters at the mongodb-gridfs endpoint level to prevent header-based operation selection, thereby eliminating the attack vector entirely. Additionally, security measures must include proactive header filtering to strip gridfs.* prefixed headers from untrusted ingress traffic before they reach the producer component. This defensive approach aligns with the principle of least privilege and input sanitization best practices. Organizations should also consider implementing additional monitoring and logging around GridFS operations to detect anomalous behavior patterns that might indicate exploitation attempts, particularly around file deletion, enumeration, and retrieval activities that deviate from normal operational procedures. The fix requires careful attention to header naming conventions ensuring that all GridFS-related headers use the proper Camel prefix (CamelGridFsOperation, etc.) to prevent bypass of the security filtering mechanisms that protect against unauthorized access control modifications.

Disclosure

07/06/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!