Description
(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace.

This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1.

Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
Published: 2026-05-21
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw allows an authorized user to create a Build resource that causes the Camel K operator to generate a pod in any namespace of their choice, including the operator's own namespace. This bypasses normal namespace boundaries and can be used to run arbitrary code with elevated privileges, effectively providing a local privilege escalation within the Kubernetes cluster. The vulnerability is rooted in an externally controlled reference to a resource in another sphere and in an authorization bypass through a user-controlled key, corresponding to CWE-610 and CWE-639.

Affected Systems

Apache Camel K versions from 2.0.0 up to but not including 2.8.1, from 2.9.0 up to but not including 2.9.2, and from 2.10.0 up to but not including 2.10.1 are vulnerable. In all affected releases, users can create Build objects without namespace restrictions, enabling the described attack.

Risk and Exploitability

The vulnerability is serious because it does not require any additional permissions beyond those needed to create a Build resource; an authenticated user who can create Builds can control pod deployments in any namespace. While the EPSS score is not available, the lack of an exploit in the KEV catalog suggests no publicly known active exploitation, but the potential for privilege escalation is high. The attack path is straightforward: create a Build specifying an arbitrary target namespace, causing the operator to spin up a pod there.

Generated by OpenCVE AI on May 21, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install Apache Camel K 2.10.1 or later, or upgrade to 2.9.2 or 2.8.1 if staying within earlier releases.
  • If a swift upgrade is not possible, restrict Build resource creation to trusted namespaces using Kubernetes RBAC policies.
  • Verify that any deployed Camel K instances enforce namespace restrictions on Build resources, and monitor for unexpected pods created in sensitive namespaces.
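The monitoring step in the last bullet can be made concrete with a check over Kubernetes API-server audit events. The script below is an added example written for this page, not code from Apache Camel K or OpenCVE. It assumes audit logging is enabled at Metadata level or higher, that the Camel K Build custom resource is audited under the API group camel.apache.org with the plural resource name builds (an assumption to confirm against the CRDs installed in your cluster), and it uses a constructed operator namespace name, a constructed baseline of identities allowed to create pods there, and a constructed sample audit log.

```python
"""Flag pod creations in sensitive namespaces from Kubernetes audit logs (JSON lines).

Added example for this advisory page; not code from Apache Camel K or OpenCVE.
"""
import json
from datetime import datetime, timedelta

# --- Baseline (constructed; adapt to your cluster) --------------------------------
OPERATOR_NS = "camel-k-operator"                       # constructed operator namespace name
SENSITIVE_NAMESPACES = {OPERATOR_NS, "kube-system"}
ALLOWED_POD_CREATORS = {                               # identities expected to create pods there
    OPERATOR_NS: {"system:serviceaccount:camel-k-operator:camel-k-operator",
                  "system:serviceaccount:kube-system:replicaset-controller"},
    "kube-system": {"system:serviceaccount:kube-system:daemon-set-controller"},
}
BUILD_API_GROUP = "camel.apache.org"   # assumption: API group of the Camel K Build CRD
BUILD_RESOURCE = "builds"              # assumption: plural resource name of that CRD
CORRELATION_WINDOW = timedelta(seconds=120)


def _ts(event):
    # Audit timestamps are RFC 3339 with a trailing "Z"; fromisoformat wants it stripped.
    return datetime.fromisoformat(event["requestReceivedTimestamp"].rstrip("Z"))


def _successful_create(event):
    return (event.get("stage") == "ResponseComplete"
            and event.get("verb") == "create"
            and event.get("responseStatus", {}).get("code") in (200, 201, 202))


def analyze(lines):
    """Return a list of alert dicts for suspicious pod creations in sensitive namespaces."""
    events = [json.loads(line) for line in lines if line.strip()]
    events = sorted((e for e in events if _successful_create(e)), key=_ts)
    alerts, recent_builds = [], []   # recent_builds: (time, namespace, name, creator)
    for e in events:
        ref, t = e.get("objectRef", {}), _ts(e)
        ns, name = ref.get("namespace"), ref.get("name")
        user = e.get("user", {}).get("username", "")
        # Forget Build records that fell out of the correlation window.
        recent_builds = [b for b in recent_builds if t - b[0] <= CORRELATION_WINDOW]
        if ref.get("resource") == BUILD_RESOURCE and ref.get("apiGroup") == BUILD_API_GROUP:
            recent_builds.append((t, ns, name, user))
            continue
        if ref.get("resource") != "pods" or ns not in SENSITIVE_NAMESPACES:
            continue
        # Rule 1 (deputy pattern): a pod appeared in a sensitive namespace shortly after a
        # Build was created in a *different* namespace, whoever actually created the pod.
        for bt, bns, bname, buser in recent_builds:
            if bns != ns:
                alerts.append({"rule": "cross-namespace-build-pod", "build": f"{bns}/{bname}",
                               "build_user": buser, "pod": f"{ns}/{name}", "pod_creator": user})
        # Rule 2: an identity outside the baseline created a pod in a sensitive namespace.
        if user not in ALLOWED_POD_CREATORS.get(ns, set()):
            alerts.append({"rule": "unexpected-pod-creator", "namespace": ns,
                           "pod": name, "user": user})
    return alerts


def _event(ts, user, verb, resource, ns, name, group="", code=201):
    # Minimal audit.k8s.io/v1 Event with the fields the detector reads (constructed).
    return {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": "ResponseComplete",
            "verb": verb, "requestReceivedTimestamp": ts, "user": {"username": user},
            "objectRef": {"resource": resource, "apiGroup": group, "namespace": ns, "name": name},
            "responseStatus": {"code": code}}


_OPERATOR_SA = "system:serviceaccount:camel-k-operator:camel-k-operator"
_RS_CONTROLLER = "system:serviceaccount:kube-system:replicaset-controller"
SAMPLE_AUDIT_LINES = [json.dumps(e) for e in [      # constructed sample audit log
    _event("2026-05-21T13:20:01.000000Z", "alice", "create", BUILD_RESOURCE, "team-a", "build-1", BUILD_API_GROUP),
    _event("2026-05-21T13:20:05.000000Z", "alice", "get", BUILD_RESOURCE, "team-a", "build-1", BUILD_API_GROUP, 200),
    _event("2026-05-21T13:20:30.000000Z", _OPERATOR_SA, "create", "pods", OPERATOR_NS, "camel-k-kit-1-builder"),
    _event("2026-05-21T13:20:40.000000Z", _OPERATOR_SA, "create", "pods", "team-a", "camel-k-kit-2-builder"),
    _event("2026-05-21T13:25:00.000000Z", _RS_CONTROLLER, "create", "pods", OPERATOR_NS, "camel-k-operator-7d9f"),
    _event("2026-05-21T13:30:00.000000Z", "bob", "create", "pods", OPERATOR_NS, "debug-shell"),
]]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_AUDIT_LINES):
        print(alert)
```

Rule 1 is the one that matters for this CVE: the pod in the operator namespace is created by the operator's own service account, which is on the allowlist, so a creator-based check alone stays silent; only the correlation with a Build created elsewhere exposes the deputy pattern. In deployments where the operator legitimately builds on behalf of other namespaces, narrow Rule 1 to the namespaces that should never receive build pods, and keep the allowlist in Rule 2 in step with the controllers that actually run there.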

Advisories

No advisories yet.

History

Thu, 21 May 2026 19:30:00 +0000

Type        Values Removed    Values Added
References  -                 -

Thu, 21 May 2026 12:30:00 +0000

Type         Values Removed    Values Added
Description  -                 (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the operator namespace. This issue affects Apache Camel K: from 2.0.0 before 2.8.1, from 2.9.0 before 2.9.2, from 2.10.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1 (or 2.8.1 or 2.9.2), which fixes the issue.
Title        -                 Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
Weaknesses   -                 CWE-610, CWE-639
References   -                 -

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-05-21T18:37:31.227Z

Reserved: 2026-05-13T07:38:04.636Z

Link: CVE-2026-45760

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-21T13:16:19.840

Modified: 2026-05-21T19:16:53.413

Link: CVE-2026-45760

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T13:30:11Z

Weaknesses