Impact
The vulnerability allows an attacker to override the Kafka topic configured for a Camel‑Kafka producer by setting an HTTP header named kafka.OVERRIDE_TOPIC. The Camel component accepts this header without filtering when it comes from an upstream consumer, causing the producer to publish to an arbitrary Kafka topic. This can redirect messages to sensitive internal topics or inject attacker‑crafted data into a downstream service. It is a CWE‑20 injection‑type flaw that can compromise the confidentiality, integrity, and availability of the message stream.
Affected Systems
Apache Camel versions from 4.0.0 up to, but not including, 4.14.8; from 4.15.0 up to, but not including, 4.18.3; from 4.19.0 up to, but not including, 4.21.0 all contain the vulnerable Kafka component. The issue is fixed in Camel 4.21.0 or in the LTS releases 4.14.8 and 4.18.3 for the respective streams.
Risk and Exploitability
The EPSS score is less than 1%, indicating a low probability of exploitation in the current landscape. The vulnerability is not listed in the CISA KEV catalog. An unauthenticated HTTP consumer can trigger the redirect; no credentials are required. Exploitation would allow an attacker to publish messages to any Kafka topic, potentially compromising sensitive data or disrupting services. The attack vector is a specially crafted HTTP request that includes a kafka.* header, bypassing the normal Camel header filter for upstream consumers.
OpenCVE Enrichment