Impact
The KeycloakSecurityPolicy in Apache Camel Keycloak does not perform cryptographic verification of bearer tokens unless role or permission checks are configured. In the default configuration these checks are skipped, so any non‑null value in the Authorization header is accepted. This allows an attacker to bypass authentication and gain unauthenticated access to server‑side work, which can lead to remote code execution if the route forwards to an executable producer. The flaw represents a classic authentication bypass and an injection of unauthorized authority.
Affected Systems
The vulnerability affects the Apache Camel Keycloak Component in Apache Camel 4.15.0 through 4.18.2, 4.19.0 through 4.20.x, and 4.20.x. Users running any of these versions should be aware. The component is provided by the Apache Software Foundation.
Risk and Exploitability
The EPSS score is less than 1%, indicating a very low probability of exploitation at present, and the vulnerability is not listed in CISA’s KEV catalog. Nonetheless, the flaw is exploitable remotely by issuing a crafted HTTP request with a non‑null Authorization: Bearer token to a route protected by the default policy. If the protected route performs privileged operations, an attacker can gain unauthenticated access or execute code. The severity is high due to the potential for remote code execution, but current public exploitation appears unlikely.
OpenCVE Enrichment