CVE-2026-40022 variant contrast — scenario B (camel.server.path=/api, camel.server.authenticationPath=/api) Config is the doc-encouraged explicit-authPath-equals-context form (the variant). UNPATCHED camel-platform-http-main 4.14.5 : unpatched no_creds=200 with_creds=200 PATCHED (proposed_fix.diff applied) : patched no_creds=401 with_creds=200 VERDICT: variant bypass present on unpatched (200 no-creds) and closed on patched (401 no-creds).