Skip to content
Verified reproduction

CVE-2026-40047: Apache Camel camel-docling improperly validates custom CLI arguments, enabling argument injection and path traversal when untrusted data is mapped into docling invocation headers.

CVE-2026-40047 is verified against apache/camel · Maven affected versions: 4.15.0 through before 4.18.3 fixed version: 4.18.3 vulnerability class: Path Traversal This critical reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00264.

REPRO-2026-00264 apache/camel · Maven Path Traversal Variant found Jul 7, 2026 .txt
Severity CRITICAL
Confidence MEDIUM
Reproduced in 41m 23s
Tool calls 497
Spend $15.34
Affected 4.15.0 through before 4.18.3
Fixed in 4.18.3
$ pruva-verify REPRO-2026-00264
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00264/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

Improper neutralization of argument delimiters in Apache Camel’s camel-docling component allows untrusted inputs to influence the docling CLI invocation. The component appended user-supplied arguments from CamelDoclingCustomArguments and path-bearing headers with weak validation (denylist of flags and literal ../ checks), enabling injection of unintended CLI flags and traversal sequences that resolve outside intended directories. The issue affects Apache Camel 4.15.0 through 4.18.2.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/logs/vulnerable_4.16.0_docling_mock.log1.1 KB
bundle/logs/vulnerable_4.18.2_docling_mock.log0.5 KB
bundle/logs/fixed_4.18.3_resp_unknownflag.txt0.1 KB
bundle/logs/real_4.16.0_resp_unknownflag.txt1.7 KB
bundle/logs/real_4.16.0_resp_allowed.txt0.0 KB
bundle/logs/shellmeta_no_rce_evidence.txt0.7 KB
bundle/artifact_promotion_manifest.json21.9 KB
bundle/artifact_promotion_report.json21.9 KB
bundle/vuln_variant/source_identity.json1.6 KB
bundle/vuln_variant/root_cause_equivalence.json1.7 KB
bundle/repro/reproduction_steps.sh23.2 KB
bundle/repro/rca_report.md9.9 KB
bundle/repro/validation_verdict.json1.3 KB
bundle/repro/runtime_manifest.json2.5 KB
bundle/logs/reproduction_steps.log4.6 KB
bundle/logs/http_transcript.log5.4 KB
bundle/logs/vulnerable_4.16.0_attempt1_rce_marker.txt0.1 KB
bundle/logs/vulnerable_4.18.2_attempt1_rce_marker.txt0.1 KB
bundle/logs/fixed_4.18.3_attempt1_response.txt0.1 KB
bundle/logs/maven_compile.log0.0 KB
bundle/logs/docling_plugin_install.log0.5 KB
bundle/logs/vulnerable_4.16.0_attempt1_service.log0.2 KB
bundle/logs/vulnerable_4.16.0_attempt1_docling_invocations.log0.6 KB
bundle/logs/vulnerable_4.16.0_attempt1_response.txt1.8 KB
bundle/logs/vulnerable_4.16.0_attempt2_service.log0.2 KB
bundle/logs/vulnerable_4.16.0_attempt2_docling_invocations.log0.6 KB
bundle/logs/vulnerable_4.16.0_attempt2_response.txt1.8 KB
bundle/logs/vulnerable_4.16.0_attempt2_rce_marker.txt0.1 KB
bundle/logs/vulnerable_4.18.2_attempt1_service.log0.2 KB
bundle/logs/vulnerable_4.18.2_attempt1_docling_invocations.log0.6 KB
bundle/logs/vulnerable_4.18.2_attempt1_response.txt1.8 KB
bundle/logs/vulnerable_4.18.2_attempt2_service.log0.2 KB
bundle/logs/vulnerable_4.18.2_attempt2_docling_invocations.log0.6 KB
bundle/logs/vulnerable_4.18.2_attempt2_response.txt1.8 KB
bundle/logs/vulnerable_4.18.2_attempt2_rce_marker.txt0.1 KB
bundle/logs/fixed_4.18.3_attempt1_service.log0.2 KB
bundle/logs/fixed_4.18.3_attempt2_service.log0.2 KB
bundle/logs/fixed_4.18.3_attempt2_response.txt0.1 KB
bundle/vuln_variant/reproduction_steps.sh14.5 KB
bundle/vuln_variant/rca_report.md10.2 KB
bundle/vuln_variant/patch_analysis.md6.9 KB
bundle/vuln_variant/variant_manifest.json3.6 KB
bundle/vuln_variant/validation_verdict.json3.2 KB
bundle/vuln_variant/runtime_manifest.json1.9 KB
bundle/logs/vuln_variant/reproduction_steps.log1.3 KB
bundle/logs/vuln_variant/fixed_4.18.3_docling_invocations.log1.0 KB
bundle/logs/vuln_variant/fixed_version.txt0.5 KB
bundle/logs/vuln_variant/vulnerable_4.18.2_service.log0.3 KB
bundle/logs/vuln_variant/vulnerable_4.18.2_docling_invocations.log1.0 KB
bundle/logs/vuln_variant/vulnerable_4.18.2_response.txt0.1 KB
bundle/logs/vuln_variant/vulnerable_4.18.2_escaped_marker.txt0.4 KB
bundle/logs/vuln_variant/fixed_4.18.3_service.log0.3 KB
bundle/logs/vuln_variant/fixed_4.18.3_response.txt0.1 KB
bundle/logs/vuln_variant/fixed_4.18.3_escaped_marker.txt0.4 KB
bundle/logs/vuln_variant/fixed_4.18.3_custom_args_control_response.txt0.2 KB
bundle/logs/vuln_variant/latest_4.21.0_service.log0.3 KB
bundle/logs/vuln_variant/latest_4.21.0_docling_invocations.log1.0 KB
bundle/logs/vuln_variant/latest_4.21.0_response.txt0.1 KB
bundle/logs/vuln_variant/latest_4.21.0_escaped_marker.txt0.4 KB
bundle/logs/vuln_variant/latest_4.21.0_custom_args_control_response.txt0.2 KB