Description
A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these controls by switching the JDBC URL protocol to jdbc:postgresql: and exploiting PostgreSQL JDBC driver-specific parameters such as socketFactory and socketFactoryArg. This allows unauthenticated attackers to execute arbitrary code on the H2O-3 server with the privileges of the H2O-3 process. The issue is resolved in version 3.46.0.10.
Published: 2026-04-23
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The unauthenticated REST endpoint /99/ImportSQLTable accepts a JDBC connection URL from the caller. The filter applied to that URL is a blacklist that covers only MySQL JDBC driver parameters, so an attacker can switch the URL to the jdbc:postgresql: sub-protocol and supply PostgreSQL JDBC driver parameters such as socketFactory and socketFactoryArg, which the filter never examines. Through those parameters the attacker can execute arbitrary code with the privileges of the H2O-3 process, compromising the confidentiality, integrity and availability of everything that process can reach.

Affected Systems

The affected product is H2O-3 from h2oai. Versions 3.46.0.9 and any earlier release are vulnerable. The issue has been addressed in version 3.46.0.10, which eliminates the insecure parameter handling.

Risk and Exploitability

The CVSS 3.1 vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 9.8) rates the issue critical: reachable over the network, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity and availability. Note that the CVSS 3.0 vector recorded when the CVE was first published scored it 5.9 (high attack complexity, availability impact only); the later 9.8 vector reflects the unauthenticated remote code execution described above. The EPSS score of under 1% indicates a low observed probability of exploitation, the SSVC assessment in the History section records Exploitation as 'poc' (a proof of concept exists) and Automatable as 'no', and the vulnerability is not listed in the CISA KEV catalog. Because the endpoint requires no authentication, any host that can reach the H2O-3 REST port can attempt exploitation with ordinary HTTP requests, so an H2O-3 instance exposed to the Internet or to a broad internal network should be treated as high risk despite the low EPSS.

Generated by OpenCVE AI on May 19, 2026 at 23:27 UTC.

Remediation

No vendor fix or workaround is recorded in this field; the CVE description itself states that the issue is resolved in H2O-3 version 3.46.0.10.

OpenCVE Recommended Actions

  • Upgrade H2O-3 to version 3.46.0.10 or later to apply the vendor fix.
  • If an upgrade cannot be performed immediately, restrict or disable access to the /99/ImportSQLTable endpoint, for example by firewall rules or by requiring authentication before allowing the request.
  • If the JDBC import feature is needed but PostgreSQL sources are not, drop the PostgreSQL JDBC driver from the H2O-3 classpath so the jdbc:postgresql: sub-protocol cannot load; otherwise replace the parameter blacklist with an allowlist of permitted JDBC sub-protocols and connection parameters (a blacklist keyed to one driver's parameter names is exactly what this bypass exploits) as a stopgap until the upgrade is applied.
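The blacklist-versus-allowlist point made in the Description and Impact sections, and the hardening suggested in the last bullet above, as an added example. This is not H2O-3 code and does not reproduce the project's real filter: only the parameter names socketFactory and socketFactoryArg come from the advisory, every other parameter name, the deny and allow sets, and the sample host names are assumed placeholders. The weak function models the class of filter the advisory describes; the hardened one rejects any sub-protocol or parameter it does not know.

```python
"""
Added example (not code from H2O-3 or h2oai): a JDBC connection-URL filter
written in the weak, blacklist style the advisory describes, beside an
allowlist replacement. Only socketFactory / socketFactoryArg come from the
advisory; every other parameter name below is an assumed placeholder, not
the project's real deny or allow list.
"""
from urllib.parse import parse_qsl, urlsplit

# ASSUMPTION: a MySQL-only deny list standing in for the blacklist the
# advisory describes. The keys are placeholders, not the real list.
MYSQL_DENY = {"autodeserialize", "allowloadlocalinfile", "allowurlinlocalinfile"}

# Hardened: permitted sub-protocols and, per sub-protocol, the only
# connection parameters an import job needs (ASSUMED set; tune per deployment).
SCHEME_ALLOW = {
    "mysql": {"user", "password", "usessl", "requiressl", "servertimezone"},
    "postgresql": {"user", "password", "ssl", "sslmode", "currentschema"},
}


def parse_jdbc_url(url: str):
    """Split jdbc:<subprotocol>:<rest> into (subprotocol, {param: value}).

    Keys are percent-decoded and lower-cased so that socketFactory,
    socket%46actory and SOCKETFACTORY all compare equal; blank values are kept
    so that a bare '?socketFactory' is still seen as a parameter.
    """
    if not url.lower().startswith("jdbc:"):
        raise ValueError("not a JDBC URL")
    subprotocol, sep, rest = url[len("jdbc:"):].partition(":")
    if not sep or not subprotocol:
        raise ValueError("missing JDBC sub-protocol")
    query = urlsplit(rest).query  # rest is usually //host:port/db?k=v&...
    params = {k.lower(): v for k, v in parse_qsl(query, keep_blank_values=True)}
    return subprotocol.lower(), params


def blacklist_allows(url: str) -> bool:
    """Weak filter: rejects the MySQL-specific keys whatever driver the URL names.

    A jdbc:postgresql: URL carrying socketFactory passes untouched, which is
    the bypass the advisory describes.
    """
    _, params = parse_jdbc_url(url)
    return not (params.keys() & MYSQL_DENY)


def allowlist_allows(url: str) -> bool:
    """Hardened filter: an unknown sub-protocol or any unlisted parameter is rejected."""
    subprotocol, params = parse_jdbc_url(url)
    allowed = SCHEME_ALLOW.get(subprotocol)
    return allowed is not None and all(k in allowed for k in params)


if __name__ == "__main__":
    # Constructed sample URLs; host names and parameter values are placeholders.
    bypass = ("jdbc:postgresql://db.internal.example:5432/app"
              "?socketFactory=some.Factory&socketFactoryArg=arg")
    benign = "jdbc:postgresql://db.internal.example:5432/app?user=h2o&sslmode=require"
    for url in (bypass, benign):
        print(url.split("?")[1], "-> blacklist:", blacklist_allows(url),
              "allowlist:", allowlist_allows(url))
```

The weak filter lets the PostgreSQL URL through because it only ever looks for MySQL key names; the allowlist rejects it without needing to know anything about socketFactory, and also rejects sub-protocols that were never vetted and parameters smuggled in through percent-encoding or case changes. This models the filtering layer only; the vendor's actual change in 3.46.0.10 is not shown on this page.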

Generated by OpenCVE AI on May 19, 2026 at 23:27 UTC.

Advisories
Source        ID                    Title
GitHub GHSA   GHSA-qmcv-hh7c-3m56   H2O-3 is Vulnerable to Code Injection
History

Tue, 19 May 2026 22:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                H2o; H2o h2o
CPEs                 -                cpe:2.3:a:h2o:h2o:*:*:*:*:*:*:*:*
Vendors & Products   -                H2o; H2o h2o
Metrics              -                cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 28 Apr 2026 09:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                H2oai; H2oai h2o-3
Vendors & Products   -                H2oai; H2oai h2o-3

Thu, 23 Apr 2026 13:15:00 +0000

Type      Values Removed   Values Added
Metrics   -                ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 10:00:00 +0000

Type         Values Removed   Values Added
Description  -                A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these controls by switching the JDBC URL protocol to jdbc:postgresql: and exploiting PostgreSQL JDBC driver-specific parameters such as socketFactory and socketFactoryArg. This allows unauthenticated attackers to execute arbitrary code on the H2O-3 server with the privileges of the H2O-3 process. The issue is resolved in version 3.46.0.10.
Title        -                Remote Code Execution in h2oai/h2o-3
Weaknesses   -                CWE-94
References
Metrics      -                cvssV3_0 {'score': 5.9, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2026-04-23T12:29:32.439Z

Reserved: 2026-03-11T12:52:45.232Z

Link: CVE-2026-3960

Vulnrichment

Updated: 2026-04-23T12:27:32.967Z

NVD

Status : Analyzed

Published: 2026-04-23T10:16:17.813

Modified: 2026-05-19T21:52:42.523

Link: CVE-2026-3960

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-19T23:30:05Z

Weaknesses
  • CWE-94: Improper Control of Generation of Code ('Code Injection')