Fedora Account System
Red Hat Associate
Red Hat Customer
A JNDI Injection vulnerability has been discovered in Apache CXF's JCA integration module, which can allow for code execution, if an attacker is able to manipulate the JCA deployment descriptor (ra.xml) or runtime activation parameters. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fixes this issue.
This issue has been addressed in the following products: Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot 3.5.16 Via RHSA-2026:37390 https://access.redhat.com/errata/RHSA-2026:37390