Vulnerability Description
A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| H2O | H2O | <= 7402 |
Related Weaknesses (CWE)
References
- https://vuldb.com/submit/810105Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/364377Third Party AdvisoryVDB Entry
- https://vuldb.com/vuln/364377/ctiPermissions RequiredVDB Entry
- https://vulnplus-note.wetolink.com/share/wWjmsfKHRJi3Broken Link
FAQ
What is CVE-2026-8750?
CVE-2026-8750 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFil...
How severe is CVE-2026-8750?
CVE-2026-8750 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-8750?
Check the references section above for vendor advisories and patch information. Affected products include: H2O H2O.