A vulnerability classified as critical was found in h2oai h2o-3 up to 7402. It affects the function exec in the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Manipulation of this function can lead to improper access controls.

This vulnerability is identified as CVE-2026-8752. The attack can be performed remotely, and an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.