CVE-2026-8752 | h2oai h2o-3 up to 7402 Rapids setproperty Primitive AstSetProperty.java exec access control

A vulnerability classified as critical was found in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls.

This vulnerability appears as CVE-2026-8752. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More