Vulnerability in Apache Software Foundation Camel
CVE-2026-46455
Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper KeycloakSecurityHelper.parseAndVerifyAccessToken builds a Keycloak TokenVerifier using withChecks(...) with only the subj…
Affected products
- Apache Software Foundation Camel — versions 4.18.0, 4.19.0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)
- af854a3a-2127-422b-91ae-364da2661108