general · MITRE
Apache Camel's Docling component contains an argument injection vulnerability in versions 4.15.0 through 4.18.2. The camel-docling component executes an external `docling` command-line tool via ProcessBuilder, accepting custom CLI arguments through the `CamelDoclingCustomArguments` exchange header. The original validation relied on a denylist of forbidden flags and checked only for literal `../` sequences in paths. This weak validation allowed attackers to inject unrecognized docling CLI flags and supply path values that traversed outside intended directories using sequences not caught by the literal check. Apache Camel has released fixes: version 4.18.3 for the LTS stream and 4.19.0 for mainline releases, replacing the denylist with a strict allowlist, normalizing paths before validation, and defensively rejecting shell metacharacters.
Organizations using Apache Camel to process externally-influenced data should prioritize patching to mitigated versions. Defense contractors and SaaS platforms handling Camel integrations should inventory affected deployments and assess whether untrusted message content flows into the affected headers. Those subject to CMMC (defense contractors), SOC2, or NIST 800-171 should treat this as a configuration-control finding: route designs that map untrusted data into Camel-internal headers require review. An Omniware engagement can scope inventory, impact assessment, and remediation validation in detail.
Source: MITRE National Vulnerability Database - https://nvd.nist.gov/vuln/detail/CVE-2026-40047
Source: MITRE
All briefings