{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3960", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2026-03-11T12:52:45.232Z", "datePublished": "2026-04-23T08:47:48.618Z", "dateUpdated": "2026-04-23T12:29:32.439Z"}, "containers": {"cna": {"title": "Remote Code Execution in h2oai/h2o-3", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2026-04-23T08:47:48.618Z"}, "descriptions": [{"lang": "en", "value": "A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these controls by switching the JDBC URL protocol to jdbc:postgresql: and exploiting PostgreSQL JDBC driver-specific parameters such as socketFactory and socketFactoryArg. This allows unauthenticated attackers to execute arbitrary code on the H2O-3 server with the privileges of the H2O-3 process. The issue is resolved in version 3.46.0.10."}], "affected": [{"vendor": "h2oai", "product": "h2oai/h2o-3", "versions": [{"version": "unspecified", "lessThan": "3.46.0.10", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/6954fe04-b905-453f-8c53-205ac8377e0d"}, {"url": "https://github.com/h2oai/h2o-3/commit/b9ae2d3c5220db2dc53753357a783e590364d044"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code", "cweId": "CWE-94"}]}], "source": {"advisory": "6954fe04-b905-453f-8c53-205ac8377e0d", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T12:25:29.022861Z", "id": "CVE-2026-3960", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T12:29:32.439Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3960", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-23T12:25:29.022861Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T12:27:32.967Z"}}], "cna": {"title": "Remote Code Execution in h2oai/h2o-3", "source": {"advisory": "6954fe04-b905-453f-8c53-205ac8377e0d", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "h2oai", "product": "h2oai/h2o-3", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "3.46.0.10", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/6954fe04-b905-453f-8c53-205ac8377e0d"}, {"url": "https://github.com/h2oai/h2o-3/commit/b9ae2d3c5220db2dc53753357a783e590364d044"}], "descriptions": [{"lang": "en", "value": "A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these controls by switching the JDBC URL protocol to jdbc:postgresql: and exploiting PostgreSQL JDBC driver-specific parameters such as socketFactory and socketFactoryArg. This allows unauthenticated attackers to execute arbitrary code on the H2O-3 server with the privileges of the H2O-3 process. The issue is resolved in version 3.46.0.10."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2026-04-23T08:47:48.618Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3960", "state": "PUBLISHED", "dateUpdated": "2026-04-23T12:29:32.439Z", "dateReserved": "2026-03-11T12:52:45.232Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2026-04-23T08:47:48.618Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these controls by switching the JDBC URL protocol to jdbc:postgresql: and exploiting PostgreSQL JDBC driver-specific parameters such as socketFactory and socketFactoryArg. This allows unauthenticated attackers to execute arbitrary code on the H2O-3 server with the privileges of the H2O-3 process. The issue is resolved in version 3.46.0.10."}], "id": "CVE-2026-3960", "lastModified": "2026-04-24T14:50:56.203", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2026-04-23T10:16:17.813", "references": [{"source": "security@huntr.dev", "url": "https://github.com/h2oai/h2o-3/commit/b9ae2d3c5220db2dc53753357a783e590364d044"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/6954fe04-b905-453f-8c53-205ac8377e0d"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.46.0.10)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "h2oai/h2o-3", "source": "cna", "vendor": "h2oai"}, "product": "h2o-3", "vendor": "h2oai"}], "analysis": {"en": {"generated_at": "2026-04-28T20:33:42.079637+00:00", "value": {"mitigation_remediation": ["Upgrade H2O-3 to version 3.46.0.10 or later to apply the vendor fix.", "If an upgrade cannot be performed immediately, restrict or disable access to the /99/ImportSQLTable endpoint, for example by firewall rules or by requiring authentication before allowing the request.", "Consider removing PostgreSQL JDBC support or hardening the blacklist mechanism to block unsafe parameters until a patch is available."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is H2O-3 from h2oai. Versions 3.46.0.9 and any earlier release are vulnerable. The issue has been addressed in version 3.46.0.10, which eliminates the insecure parameter handling.", "description_and_impact": "An unauthenticated REST API endpoint, /99/ImportSQLTable, in H2O-3 allows an attacker to execute arbitrary code on the server. The vulnerability stems from an insufficient blacklist that only filters MySQL JDBC driver parameters, enabling an attacker to switch the JDBC URL protocol to jdbc:postgresql: and use PostgreSQL\u2011specific parameters such as socketFactory and socketFactoryArg. By exploiting this loophole, an attacker can run arbitrary code with the privileges of the H2O\u20113 process, potentially compromising confidentiality, integrity, and availability of the entire system.", "risk_and_exploitability": "The CVSS score of 5.9 indicates a moderate severity, while the EPSS score of <1% suggests a low probability of exploitation under current circumstances. The vulnerability is not listed in the CISA KEV catalog. Attackers are presumed to reach the endpoint over the network with no authentication required, making it a likely vector for exploitation if the API is exposed. The exploit requires only standard network traffic to the REST service and no special privileges beyond that."}}}}, "created": "2026-04-28T09:26:14.199896+00:00", "updated": "2026-04-28T20:45:16.586515+00:00", "vendors": ["h2oai", "h2oai$PRODUCT$h2o-3"]}