Description
A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-05-17
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the importBinaryModel method of the Model.java file within the h2o-core component allows an attacker to supply a crafted binary model file that is deserialized by the application. Because deserialization of untrusted data is performed without sufficient validation, an attacker could trigger arbitrary code execution on the host running the H2O AI service. The CVSS score of 6.9 indicates a moderate severity level, and the availability of a public exploit suggests that an attacker could create a malicious model and attempt to load it over the network. The primary impact is the ability for a remote attacker to alter the integrity of the application or execute arbitrary code within the host process.

Affected Systems

Affected systems include the h2oai h2o-3 product, specifically versions up to and including 7402. The vulnerability resides in the JAR handler component that processes incoming model files. Any deployment running an affected version, regardless of operating environment, requires remediation.

Risk and Exploitability

The risk is moderate to high when the application is exposed to remote connections that accept model uploads. Although no EPSS score is available, the public release of the exploit and its listing in multiple vulnerability databases increase the likelihood of exploitation. The vulnerability is not present in the CISA KEV catalog, so CISA has not reported confirmed exploit activity, yet the available exploit code and the remote attack vector mean that systems should treat the issue as already exploited in the wild. A defensive posture requires patching or limiting the import capability.

Generated by OpenCVE AI on May 17, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to h2o-3 version 7403 or later, where the importBinaryModel vulnerability has been fixed.
  • If an upgrade is not immediately possible, restrict the importBinaryModel functionality to trusted users by disabling remote model loading or using network segmentation to ensure that only internal, authenticated components can invoke the import function.
  • Apply input validation and firewall rules to block or monitor suspicious binary model upload attempts; consider enabling Java serialization security features such as ObjectInputFilter to reject untrusted data.
  • Monitor logs for attempts to load malformed model files and treat them as potential exploitation activity.
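The third recommendation above names ObjectInputFilter as the Java-level control. The following is an added example, not h2o-3 code and not the fix the project shipped: it shows an unfiltered ObjectInputStream read (the weak setting) beside a read that installs an allowlist filter with size and depth limits (the hardened setting). The "model" is a constructed stand-in (a Map of coefficient arrays); the real h2o-3 binary model layout, the class names a legitimate blob contains, and the limit values are assumptions that would have to be adjusted to the actual format.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;

/**
 * Added example (not h2o-3 code): reading a serialized model blob with and
 * without a deserialization filter. The "model" is a constructed stand-in,
 * a Map<String, double[]> of coefficients; the real format differs.
 */
public class FilteredModelImport {

    // Pattern for ObjectInputFilter.Config.createFilter (Java 9+). Patterns are
    // matched in order; the trailing "!*" rejects every class not listed before it.
    // The limits cap object-graph depth, array length, reference count and stream
    // size so a crafted stream cannot exhaust memory before a class check fires.
    // Arrays of primitives (double[]) are allowed because primitive element types
    // are left undecided by the filter. The class list is an assumption for the
    // stand-in format; adjust it to what a legitimate blob really contains.
    static final String FILTER_PATTERN =
        "maxdepth=8;maxarray=1000000;maxrefs=100000;maxbytes=67108864;"
      + "java.util.HashMap;java.lang.String;"
      + "!*";

    /** Weak setting: no filter, so any Serializable class on the classpath may be instantiated. */
    static Object readUnfiltered(byte[] blob) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(blob))) {
            return in.readObject();
        }
    }

    /** Hardened setting: classes outside the allowlist fail with InvalidClassException before any instance exists. */
    static Object readFiltered(byte[] blob) throws IOException, ClassNotFoundException {
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(FILTER_PATTERN);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(blob))) {
            in.setObjectInputFilter(filter); // must be installed before the first readObject()
            return in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Constructed stand-in for "a class the model format should never contain". Harmless; it only shows the rejection. */
    static class NotAModel implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample model: coefficient name -> values.
        Map<String, double[]> coefficients = new HashMap<>();
        coefficients.put("intercept", new double[] {0.5});
        coefficients.put("weights", new double[] {1.25, -0.75, 3.0});
        byte[] goodBlob = serialize(coefficients);
        byte[] badBlob = serialize(new NotAModel());

        // A legitimate blob passes the filter.
        @SuppressWarnings("unchecked")
        Map<String, double[]> restored = (Map<String, double[]>) readFiltered(goodBlob);
        System.out.println("filtered read ok, weights=" + restored.get("weights").length);

        // Without a filter the unexpected class is instantiated from the stream.
        System.out.println("unfiltered read produced " + readUnfiltered(badBlob).getClass().getName());

        // With the filter the class descriptor is rejected before construction.
        try {
            readFiltered(badBlob);
            System.out.println("unexpected: filter did not reject");
        } catch (InvalidClassException e) {
            System.out.println("filtered read rejected: " + e.getMessage());
        }
    }
}
```

The per-stream filter is the precise control for one import path; the same pattern string can also be applied process-wide with the `jdk.serialFilter` system property (or `ObjectInputFilter.Config.setSerialFilter`), which covers deserialization the application did not anticipate. A rejection surfaces as an InvalidClassException whose message contains "filter status: REJECTED", which is the string to alert on in the log monitoring the fourth recommendation describes.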

Advisories

No advisories yet.

History

Sun, 17 May 2026 11:45:00 +0000

Type: Description
  Values Removed: -
  Values Added: A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Type: Title
  Values Removed: -
  Values Added: h2oai h2o-3 JAR Model.java importBinaryModel deserialization

Type: First Time appeared
  Values Removed: -
  Values Added: H2oai; H2oai h2o-3

Type: Weaknesses
  Values Removed: -
  Values Added: CWE-20; CWE-502

Type: CPEs
  Values Removed: -
  Values Added: cpe:2.3:a:h2oai:h2o-3:*:*:*:*:*:*:*:*

Type: Vendors & Products
  Values Removed: -
  Values Added: H2oai; H2oai h2o-3

Type: References
  Values Removed: -
  Values Added: -

Type: Metrics
  Values Removed: -
  Values Added:
    cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-17T11:30:10.692Z

Reserved: 2026-05-16T16:20:44.883Z

Link: CVE-2026-8751

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-17T12:16:42.533

Modified: 2026-05-17T12:16:42.533

Link: CVE-2026-8751

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-17T12:30:15Z

Weaknesses