CVE-2026-45760 · (Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apach

01 · The Real Story

This is less a front-door break-in than a badge-holder slipping into the operator’s control room

CVE-2026-45760 is an Apache Camel K cross-namespace build-deputy flaw. In affected Camel K versions 2.0.0 through before 2.8.1, 2.9.0 through before 2.9.2, and 2.10.0 through before 2.10.1, an already authorized user in one Kubernetes namespace can create a Build custom resource that influences where Camel K generates a build Pod, potentially steering that Pod into another namespace including the operator namespace.

The vendor's HIGH/8.1 score is defensible in a lab because the impact crosses trust boundaries and can weaken tenant isolation. In real enterprise fleets, though, the chain starts with authenticated Kubernetes access in a Camel K-enabled namespace, which means the attacker is already inside your cluster control plane and already has permissions to create Camel K resources; that sharply narrows exposed population and makes this a post-initial-access privilege-boundary bypass, not an internet fire.

"Serious inside a Camel K tenant, but too post-initial-access and niche to deserve an emergency patch lane"

02 · The Attack Path

4 steps from start to impact.

STEP 01

Get namespace-level Kubernetes access

The attacker first needs valid access to a Kubernetes cluster running Camel K and enough RBAC to interact with Camel K custom resources. The practical weapon here is ordinary kubectl or the Kubernetes API, not a specialized exploit kit, because the vulnerability is in how Camel K honors attacker-controlled build placement data after the user is already trusted by the cluster.

Conditions required:

Target cluster is running Apache Camel K
Attacker has authenticated Kubernetes API access
RBAC grants access to create or influence Camel K resources in a namespace

Where this breaks in practice:

This is not unauthenticated remote exploitation
Many enterprises do not deploy Camel K at all
Even where Camel K exists, not every developer or service account can create Build-adjacent resources

Detection/coverage: External vuln scanners will miss this unless they inventory Camel K operator versions and cluster RBAC. Detection is mainly via Kubernetes audit logs for CR creation and namespace-crossing reconciliation behavior.

STEP 02

Submit a malicious Build path

Using kubectl apply or a direct Kubernetes API call, the attacker creates a Build resource with user-controlled namespace selection characteristics described by Apache's fix as the deprecated builder-pod namespace behavior. The fix notes say the namespace should be inferred from the Build custom resource instead of trusting externally supplied placement hints, which is the core bug.

Conditions required:

Attacker can create the relevant Camel K resource
Affected Camel K version is deployed

Where this breaks in practice:

Requires understanding Camel K CRDs and build workflow
The bug matters most where build strategy and operator permissions allow pod creation beyond the requester's home namespace

Detection/coverage: Look for suspicious Build CRs, unusual annotations, or build requests originating from low-trust namespaces. Coverage in generic SAST/DAST is poor; cluster policy engines and audit review are better bets.

STEP 03

Abuse operator reconciliation

Camel K's operator processes the malicious resource and creates downstream artifacts on the attacker's behalf. Camel K documentation shows the operator creates Build resources as part of the integration lifecycle and that resources propagate through the same reconciliation chain, so the attacker is effectively turning the operator into a confused deputy.

Conditions required:

Camel K operator is watching the affected resources
Operator has rights in the chosen namespace, especially the operator namespace

Where this breaks in practice:

Blast radius depends on operator installation model and RBAC
Single-tenant or tightly scoped operators reduce cross-namespace impact

Detection/coverage: Watch for Camel K operator-initiated Pod creation in namespaces that do not match the originating tenant. Admission-controller logs and Kubernetes audit logs can expose the mismatch.

STEP 04

Land cross-namespace impact

If the operator is allowed to create Pods in a more privileged namespace, the attacker can break namespace isolation and potentially pivot into operator-controlled assets. That can become a staging point for broader cluster abuse, but the exact end state depends on what service accounts, image pull secrets, and namespace permissions exist in the operator namespace.

Conditions required:

Operator namespace or another target namespace provides materially stronger privileges
Spawned Pod inherits useful trust or adjacency

Where this breaks in practice:

This is not guaranteed cluster-admin compromise
Well-segmented operator installs, restrictive service accounts, and admission policies can cap impact

Detection/coverage: Runtime detection should key on unexpected Pods created by Camel K in sensitive namespaces and service-account use from build Pods. EDR on nodes helps only after the Pod exists; it does not prevent the authorization bypass.

03 · Intelligence Metadata

The supporting signals.

In-the-wild status	No public evidence of active exploitation found. The CISA ADP enrichment in the CVE record marks `Exploitation: none`, and the CVE is not present in the CISA KEV catalog.
Public PoC status	No public weaponized exploit repository located in GitHub search results. What is public are Apache's fix PRs — notably PR #6626, plus backports `#6627` and `#6629` — which are enough for a competent Kubernetes operator to understand the bug class.
EPSS	User-supplied EPSS is `0.00012` (about `0.012%` predicted exploitation probability over 30 days). That is extremely low; percentile was not included in the prompt and I did not independently verify a point-in-time percentile from FIRST.
KEV status	Not KEV-listed. No entry matched `CVE-2026-45760` on the CISA KEV catalog page.
CVSS vector reality check	`CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N` assumes low-friction network reachability after authentication. The `PR:L` term is the whole story here: it implies the attacker already has Kubernetes access and some Camel K authority.
Affected versions	Apache says affected Camel K versions are `2.0.0` to `<2.8.1`, `2.9.0` to `<2.9.2`, and `2.10.0` to `<2.10.1`.
Fixed versions / backports	Official fixes are `2.8.1`, `2.9.2`, and `2.10.1`. I did not locate vendor-documented distro backports in the sources reviewed.
Exposure and scanability	No meaningful Shodan/Censys/GreyNoise product exposure data surfaced for this CVE. That's expected: Camel K is a Kubernetes operator/control-plane component, not a clean internet-facing fingerprint like a VPN or web gateway.
Disclosure and credit	Disclosed on `2026-05-21`. Apache credits `@j311yl0v3u` and `@b0b0haha` in the advisory and CVE record.
Why this matters operationally	Camel K docs show the operator creates `Build` resources and manages lifecycle objects across namespaces; the multi-operator docs also show resources are explicitly assigned and reconciled by an operator instance. That means a namespace-selection bug lands squarely in the trust boundary between tenant namespaces and the operator namespace.

04 · The Call

noisgate verdict.

Final Verdict

↓ DOWNGRADED to MEDIUM (5.9/10)

The decisive factor is that exploitation requires authenticated Kubernetes access with the right Camel K permissions, so this is already post-initial-access and only relevant to clusters that actually run Camel K. The impact can be ugly inside a multi-tenant cluster, but the reachable population is far smaller than the vendor CVSS suggests.

HIGH Affected/fixed version ranges and vulnerability mechanics from Apache sources

MEDIUM Severity downgrade based on real-world exposure, RBAC assumptions, and lack of public exploitation

LOW Absence of public PoC or scanning telemetry beyond the sources reviewed

Why this verdict

Requires authenticated Kubernetes access — PR:L here is not a trivial web login; it implies prior foothold into the cluster control plane and enough RBAC to touch Camel K resources.
Camel K deployment narrows population — plenty of enterprises run Kubernetes, but far fewer run Camel K, and fewer still expose it in multi-tenant patterns where cross-namespace build abuse matters.
Blast radius is configuration-dependent — the bad outcome depends on what rights the operator has in the target namespace, especially the operator namespace; that is serious but not universally equal to instant cluster-admin.

Why not higher?

There is no sign of active exploitation, no KEV listing, and no unauthenticated remote path. The attack chain compounds multiple narrowing assumptions: Camel K must be installed, the attacker must already be in the cluster, and RBAC must allow the exact resource creation path that triggers the confused-deputy behavior.

Why not lower?

Once the prerequisites are met, this is not a harmless paper cut; it crosses namespace trust boundaries and can let one tenant influence Pod creation in a more privileged namespace. In Camel K-heavy shared clusters, that can become a meaningful lateral-movement and privilege-escalation primitive.

05 · Compensating Control

What to do — in priority order.

Tighten Camel K RBAC — Restrict who can create or mutate Camel K Integration, IntegrationKit, and especially Build-related resources in tenant namespaces. For a MEDIUM verdict there is no mitigation SLA; use this as hardening work while you move toward the 365-day remediation window.
Pin operators to tenant scopes — Avoid broad global operators where possible; Camel K's multi-operator model lets you scope reconciliation more narrowly by namespace and operator ID. This shrinks the cross-namespace payoff even before patching; again, no mitigation SLA applies here, so schedule it as risk reduction before patch completion.
Audit operator namespace privileges — Review the service account, RoleBindings, image pull secrets, and admission exemptions attached to the Camel K operator namespace. If that namespace is overprivileged, this CVE becomes more dangerous; fix the privilege sprawl during the same 365-day remediation planning cycle.
Alert on cross-namespace build activity — Use Kubernetes audit logs, admission logs, or policy engines to flag Camel K-created Pods in namespaces that don't line up with the requesting tenant. This gives you a detection backstop where generic vuln scanning is weak; there is no mitigation SLA, but it is a worthwhile detective control.

What doesn't work

A perimeter WAF or internet firewall doesn't help much because the attacker path is through the Kubernetes API after authentication, not a public HTTP exploit surface.
Node EDR alone is too late; it may catch post-exploitation behavior in a spawned Pod, but it does not stop the operator from being used as the confused deputy.
SBOM-only package scanning is incomplete if it doesn't inventory live Camel K operator image tags and cluster RBAC; this is a deployment-context bug, not just a library version problem.

06 · Verification

Crowdsourced verification payload.

Run this from an auditor workstation or admin jump box that has kubectl configured against the target cluster. Invoke it as bash check-camelk-cve-2026-45760.sh; it needs read access to deployments across namespaces and, if available, to integrations.camel.apache.org or builds.camel.apache.org resources. It outputs VULNERABLE, PATCHED, or UNKNOWN and exits 0, 1, or 2 respectively.

noisgate-verify.sh

BASHREAD-ONLYSAFE

#!/usr/bin/env bash
# check-camelk-cve-2026-45760.sh
# Detect likely exposure to CVE-2026-45760 in Apache Camel K by inspecting
# Camel K operator image versions in the cluster.
#
# Exit codes:
#   0 = PATCHED
#   1 = VULNERABLE
#   2 = UNKNOWN

set -u

have_kubectl() {
  command -v kubectl >/dev/null 2>&1
}

normver() {
  # Strip common tag prefixes/suffixes, keep semver-ish core.
  local v="$1"
  v="${v##*:}"
  v="${v#v}"
  v="${v%%-*}"
  printf '%s' "$v"
}

ver_lt() {
  # returns 0 if $1 < $2
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ] && [ "$1" != "$2" ]
}

ver_ge() {
  # returns 0 if $1 >= $2
  ! ver_lt "$1" "$2"
}

is_vulnerable_version() {
  local v="$1"

  # Affected:
  # 2.0.0 <= v < 2.8.1
  # 2.9.0 <= v < 2.9.2
  # 2.10.0 <= v < 2.10.1
  if ver_ge "$v" "2.0.0" && ver_lt "$v" "2.8.1"; then
    return 0
  fi
  if ver_ge "$v" "2.9.0" && ver_lt "$v" "2.9.2"; then
    return 0
  fi
  if ver_ge "$v" "2.10.0" && ver_lt "$v" "2.10.1"; then
    return 0
  fi
  return 1
}

if ! have_kubectl; then
  echo "UNKNOWN: kubectl not found"
  exit 2
fi

if ! kubectl version --request-timeout=10s >/dev/null 2>&1; then
  echo "UNKNOWN: kubectl cannot reach cluster or lacks permission"
  exit 2
fi

# Try to discover Camel K deployments by common labels/names.
mapfile -t DEPLOYS < <(
  kubectl get deploy -A \
    -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{range .spec.template.spec.containers[*]}{.image}{" "}{end}{"\n"}{end}' 2>/dev/null | \
  grep -Ei 'camel-k|apache/camel-k' || true
)

if [ ${#DEPLOYS[@]} -eq 0 ]; then
  # Fallback: if CRDs/resources exist but no deployment visible, permissions may be limited.
  if kubectl api-resources 2>/dev/null | grep -q 'camel.apache.org'; then
    echo "UNKNOWN: Camel K API resources exist, but no operator deployment was discoverable with current permissions"
    exit 2
  fi
  echo "UNKNOWN: no Camel K operator deployment found"
  exit 2
fi

found_any=0
vuln_any=0
report=""

for row in "${DEPLOYS[@]}"; do
  ns="$(printf '%s' "$row" | awk '{print $1}')"
  name="$(printf '%s' "$row" | awk '{print $2}')"
  images="$(printf '%s' "$row" | cut -f3-)"

  for img in $images; do
    if printf '%s' "$img" | grep -Eqi 'camel-k|apache/camel-k'; then
      found_any=1
      ver="$(normver "$img")"
      if printf '%s' "$ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
        if is_vulnerable_version "$ver"; then
          vuln_any=1
          report+="${ns}/${name} -> ${img} (${ver}) [affected]\n"
        else
          report+="${ns}/${name} -> ${img} (${ver}) [not-affected-range]\n"
        fi
      else
        report+="${ns}/${name} -> ${img} [unparseable-tag]\n"
      fi
    fi
  done
done

if [ "$found_any" -eq 0 ]; then
  echo "UNKNOWN: found candidate deployments, but no Camel K container image tags could be parsed"
  exit 2
fi

# Optional context: presence of Camel K resources in the cluster.
CR_CONTEXT=""
if kubectl api-resources 2>/dev/null | grep -q 'builds[[:space:]].*camel.apache.org'; then
  CR_CONTEXT="Build CRD present"
elif kubectl api-resources 2>/dev/null | grep -q 'integrations[[:space:]].*camel.apache.org'; then
  CR_CONTEXT="Camel K CRDs present"
else
  CR_CONTEXT="Camel K CRDs not enumerable with current permissions"
fi

if [ "$vuln_any" -eq 1 ]; then
  printf 'VULNERABLE: CVE-2026-45760 likely applies\n%s%s\n' "$report" "$CR_CONTEXT"
  exit 1
fi

printf 'PATCHED: no discovered Camel K operator image is in an affected version range\n%s%s\n' "$report" "$CR_CONTEXT"
exit 0

07 · Bottom Line

If you remember one thing.

TL;DR

Monday morning: inventory which clusters actually run Camel K, then verify operator versions and RBAC exposure with the script above. Because this lands at MEDIUM, there is no noisgate mitigation SLA — go straight to the 365-day remediation window unless your cluster is a shared Camel K tenant environment, in which case do the RBAC/operator-scope hardening as ordinary risk reduction and still complete the actual upgrade to 2.8.1, 2.9.2, or 2.10.1 within the noisgate remediation SLA of ≤365 days.

Sources

Peer Review

What defenders are saying.

Submit a review attribution: handle + country only

0 flags selected · stored anonymously

Validation Results

Crowdsourced verification outputs.

Results submitted by users who ran the verification payload against their environment.