A vulnerability was found in h2o. It has been classified as problematic. This impacts the function alloca of the component File Path. The manipulation leads to stack-based buffer overflow.

This vulnerability is referenced as CVE-2026-44453. Remote exploitation of the attack is possible. No exploit is available.