Apache Camel K Cross-Namespace Build Resource Control Vulnerability

Vulnerability

An authorization bypass vulnerability allowing externally controlled references to resources in another sphere has been identified in Apache Camel K. An authorized user in a Kubernetes namespace who can create Build resources can thereby control Pod generation in any namespace, including the operator namespace. The vulnerability is present in Apache Camel K versions from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, and from 2.10.0 before 2.10.1.

Impact

Exploitation of this vulnerability allows for unauthorized control over Pod generation in selected namespaces, potentially including the operator namespace.

Remediation

Users are advised to upgrade to Apache Camel K versions 2.10.1, 2.8.1, or 2.9.2, all of which address this vulnerability.
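
To find which deployments still need the upgrade, the affected ranges above can be checked mechanically. The following is an added example, not code from the Apache Camel K project; the inventory, cluster names and image references are constructed, and it assumes the operator version can be read from the image tag.

```python
import re

# Affected ranges from the advisory: (first affected version, first fixed version).
AFFECTED = [
    ((2, 0, 0), (2, 8, 1)),
    ((2, 9, 0), (2, 9, 2)),
    ((2, 10, 0), (2, 10, 1)),
]
_VERSION = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch) from a version string or image reference."""
    tag = text.rsplit(":", 1)[-1]  # keep only the tag of "repo:tag"
    match = _VERSION.match(tag)
    if match is None:
        raise ValueError(f"no x.y.z version in {text!r}")
    # Assumption: any suffix after x.y.z (for example "-SNAPSHOT") is ignored.
    return tuple(int(part) for part in match.groups())

def check(text):
    """Return (affected, fixed_version); fixed_version is None if unaffected."""
    version = parse_version(text)
    # Tuples of ints compare numerically, so 2.10.0 sorts after 2.9.2;
    # comparing the raw strings would put "2.10.0" before "2.8.1".
    for first_affected, fixed in AFFECTED:
        if first_affected <= version < fixed:
            return True, ".".join(str(part) for part in fixed)
    return False, None

def audit(inventory):
    """Map each (cluster, image) pair to check(); unparsable tags map to None."""
    results = {}
    for cluster, image in inventory:
        try:
            results[(cluster, image)] = check(image)
        except ValueError:
            results[(cluster, image)] = None  # floating tag: needs manual review
    return results

# Constructed inventory: cluster names and image references are made up.
SAMPLE = [
    ("dev", "registry.example/camel-k-operator:2.8.0"),
    ("stage", "registry.example/camel-k-operator:2.10.0"),
    ("prod", "registry.example/camel-k-operator:2.10.1"),
    ("lab", "registry.example/camel-k-operator:latest"),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Entries that map to None carry a floating tag such as "latest" and have to be resolved to a concrete version before they can be cleared.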

Added: May 21, 2026, 1:41 PM
Updated: May 21, 2026, 1:41 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.3
exploitability: 5.2
remediation: 0.0
relevance: 9.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.