high2026-07-14SAP Integration SuiteCVE-2026-40860

Apache Camel Vulnerabilities in SAP Integration Suite Edge Integration Cell

SAP Integration Suite — Edge Integration Cell

Our Take

If your organisation uses the Edge Integration Cell for hybrid integration scenarios, this is a high priority patch. Apache Camel deserialization vulnerabilities have a history of being straightforward to exploit once a proof-of-concept is public. Two-week window, but tighten network controls now.

Vulnerability Detail

Multiple deserialization and code execution vulnerabilities in the Apache Camel framework (CVE-2026-40860, CVE-2026-40453, CVE-2026-33454) affect SAP Integration Suite Edge Integration Cell deployments prior to version 8.43.11. Successful exploitation can allow an attacker with access to integration endpoints to trigger remote code execution via malicious payloads in Camel routes.

Workaround

Restrict network access to Edge Integration Cell endpoints. Review and restrict which external systems can invoke Camel routes.

Patch Action

Upgrade SAP Integration Suite Edge Integration Cell to 8.43.11 or higher. Apply SAP Note 3758101.

Affected Versions

SAP Integration Suite Edge Cell < 8.43.11

Patch Info

CVSS Score

8.8

SAP Note

3758101

CVE

CVE-2026-40860

Published

2026-07-14

← All patches