Primary

Context

Apache Camel Neo4j Component Cypher Injection Vulnerability

Vulnerability

Patched

A Cypher injection vulnerability exists in the Apache Camel Neo4j component, specifically in versions 4.10.0 prior to 4.10.8, 4.14.0 prior to 4.14.3, and 4.15.0 prior to 4.17.0. This vulnerability allows attackers to craft specific query statements that could execute unintended operations within the Neo4j database.

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of data in the Neo4j database by executing unintended Cypher queries.

Remediation

Users are advised to upgrade to Apache Camel version 4.10.8 for the 4.10.x LTS series, 4.14.3 for the 4.14.x LTS series, or 4.17.0.

Added: Jan 14, 2026, 12:19 PM

Updated: Jan 14, 2026, 5:18 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

5.0

exploitability

4.7

remediation

7.7

relevance

2.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

5.0

exploitability

4.7

remediation

7.7

relevance

2.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache Camel Neo4j Component Cypher Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apache Camel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating