CVE-2026-8751 | h2oai h2o-3 up to 7402 JAR Model.java importBinaryModel deserialization

Inserito da Angelo Barbosa | Mag 16, 2026 | CVE

A vulnerability classified as critical has been found in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a manipulation results in deserialization.

This vulnerability is reported as CVE-2026-8751. The attack is possible to be carried out remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8751 | h2oai h2o-3 up to 7402 JAR Model.java importBinaryModel deserialization

Post correlati

CVE-2024-9097 | Zoho ManageEngine Endpoint Central prior 11.3.2440.09 Chat username authorization

CVE-2026-7062 | Intina47 context-sync up to 2.0.0 Git Integration src/git-integration.ts os command injection (Issue 31)

CVE-2023-7061 | Advanced File Manager Shortcode Plugin up to 2.5.3 on WordPress unrestricted upload

CVE-2025-1813 | zj1983 zz up to 2024-08 cross-site request forgery