CVE-2026-45760
Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace. This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
| CWE | CWE-610 CWE-639 |
| Vendor | apache software foundation |
| Product | apache camel k |
| Published | May 21, 2026 |
Stay Ahead of the Next One
Get instant alerts for apache software foundation apache camel k
Be the first to know when new unknown vulnerabilities affecting apache software foundation apache camel k are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Apache Software Foundation / Apache Camel K
2.0.0 < 2.8.1 2.9.0 < 2.9.2 2.10.0 < 2.10.1
References
Credits
@j311yl0v3u ([email protected]) @b0b0haha ([email protected])