Apache Camel Vulnerabilities in SAP Integration Suite Edge Integration Cell
SAP Integration Suite — Edge Integration Cell
If your organisation uses the Edge Integration Cell for hybrid integration scenarios, this is a high priority patch. Apache Camel deserialization vulnerabilities have a history of being straightforward to exploit once a proof-of-concept is public. Two-week window, but tighten network controls now.
Vulnerability Detail
Multiple deserialization and code execution vulnerabilities in the Apache Camel framework (CVE-2026-40860, CVE-2026-40453, CVE-2026-33454) affect SAP Integration Suite Edge Integration Cell deployments prior to version 8.43.11. Successful exploitation can allow an attacker with access to integration endpoints to trigger remote code execution via malicious payloads in Camel routes.
Workaround
Restrict network access to Edge Integration Cell endpoints. Review and restrict which external systems can invoke Camel routes.
Patch Action
Upgrade SAP Integration Suite Edge Integration Cell to 8.43.11 or higher. Apply SAP Note 3758101.
Affected Versions
Patch Info