CVE-2026-8750 | h2oai h2o-3 up to 7402 ImportFile API PersistNFS.java importFiles information disclosure

A vulnerability described as problematic has been identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure.

This vulnerability is documented as CVE-2026-8750. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8750 | h2oai h2o-3 up to 7402 ImportFile API PersistNFS.java importFiles information disclosure

Post correlati

CVE-2023-50778 | PaaSLane Estimate Plugin up to 1.0.4 on Jenkins cross-site request forgery

CVE-2026-20202 | Splunk Enterprise/Cloud Platform Username edit_user unicode encoding (SVD-2026-0401)

CVE-2023-50291 | Apache Solr up to 8.11.2/9.2.x /admin/info/properties insufficiently protected credentials

CVE-2025-7883 | Eluktronics Control Center 5.23.51.41 Powershell Script Command command injection