HIGH 8.1
GHSA-q8ch-jx67-q52x
Apache Camel K: Kubernetes namespace authorized users can create a Build resource
Details
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace.
This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1.
Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/apache/camel-k/v2
Introduced in:
0 Fixed in: 2.8.1 Fix
go get github.com/apache/camel-k/v2@v2.8.1 Go / github.com/apache/camel-k/v2
Introduced in:
2.9.0 Fixed in: 2.9.2 Fix
go get github.com/apache/camel-k/v2@v2.9.2 Go / github.com/apache/camel-k/v2
Introduced in:
2.10.0 Fixed in: 2.10.1 Fix
go get github.com/apache/camel-k/v2@v2.10.1 References
- https://nvd.nist.gov/vuln/detail/CVE-2026-45760 [ADVISORY]
- https://github.com/apache/camel-k/pull/6626 [WEB]
- https://github.com/apache/camel-k/pull/6627 [WEB]
- https://github.com/apache/camel-k/pull/6629 [WEB]
- https://github.com/apache/camel-k/commit/1271df076f3123f5e4ec58e066e284236b1a8fb5 [WEB]
- https://github.com/apache/camel-k/commit/1efa3982f4dbce0ae1f896f4003a16cae6d81ba2 [WEB]
- https://github.com/apache/camel-k/commit/35dd387f58464608ab4764f67bde786cf09bc39d [WEB]
- https://camel.apache.org/security/CVE-2026-45760.html [WEB]
- https://github.com/apache/camel-k [PACKAGE]
- http://www.openwall.com/lists/oss-security/2026/05/21/8 [WEB]