VYPR
Medium severity (5.3) · NVD Advisory · Published May 17, 2026

CVE-2026-8750

Description

A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

H2O-3 ImportFiles endpoint lacks authentication and uses an incomplete path blacklist, allowing unauthenticated remote attackers to read arbitrary local files.

Vulnerability

Analysis

The vulnerability in H2O-3 (up to version 7402) resides in the ImportFiles API endpoint (POST /3/ImportFiles). The function importFiles in PersistNFS.java takes a user-supplied filesystem path and, after limited deny-glob checks (blocking paths like /etc and /proc), proceeds to import the file as an H2O frame. The endpoint is exposed without any authentication, authorization, or an allowlist of permitted import directories [1].

Exploitation

An unauthenticated attacker can send a POST request to /3/ImportFiles with a path parameter pointing to any server-readable local file not blocked by the deny glob (e.g., /root/buildinfo/labels.json). The file is then imported as an H2O frame. The attacker can subsequently retrieve the file content by making a GET request to /3/Frames/nfs://<path> [1]. No prior authentication or network position beyond reachability is required.

Impact

Successful exploitation allows an attacker to read arbitrary files from the server that are readable by the H2O-3 process. This can lead to disclosure of sensitive configuration files, credentials, or other data, compromising the confidentiality of the system [1].

Mitigation

Status

The vendor was contacted but did not respond. No official patch is available as of the publication date. Users should restrict network access to the H2O-3 API, implement a reverse proxy with authentication, or apply a filesystem allowlist if possible. The exploit is publicly available, increasing the risk of active exploitation [1].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
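The deny-glob check described under Analysis and the filesystem allowlist recommended under Mitigation, side by side, as an added example that is not h2o-3's code and not part of the original advisory. The deny globs are a hypothetical reconstruction of the "/etc and /proc" blacklist the text mentions, and the import root /srv/h2o/imports and the sample paths are assumptions chosen to show why a blacklist leaves the advisory's example path readable while a canonical-path allowlist rejects it.

```python
import fnmatch
import os

# Hypothetical reconstruction of a deny-glob blacklist of the kind the
# advisory describes; these globs are assumed, not taken from h2o-3.
DENY_GLOBS = ("/etc/*", "/proc/*")

# Assumed allowlist of directories an import is permitted to read from.
IMPORT_ROOTS = ("/srv/h2o/imports",)


def denylist_allows(path: str) -> bool:
    """Blacklist check: anything not matching a deny glob is accepted.
    Incomplete by construction: every process-readable file outside the
    listed prefixes, e.g. /root/buildinfo/labels.json, still passes."""
    return not any(fnmatch.fnmatchcase(path, g) for g in DENY_GLOBS)


def allowlist_allows(path: str, roots=IMPORT_ROOTS) -> bool:
    """Allowlist check: accept only if the canonical path (symlinks and
    '..' components resolved) lies under one of the configured roots."""
    real = os.path.realpath(path)
    for root in roots:
        root_real = os.path.realpath(root)
        if os.path.commonpath([real, root_real]) == root_real:
            return True
    return False


def validate_import_path(path: str) -> dict:
    """Run both checks so the difference is visible per path."""
    return {
        "path": path,
        "denylist_allows": denylist_allows(path),
        "allowlist_allows": allowlist_allows(path),
    }


if __name__ == "__main__":
    # Constructed sample inputs: a blacklisted file, the advisory's example
    # path, a legitimate dataset under the import root, and a '..' path that
    # starts inside the root but canonicalises to a location outside it.
    for p in ("/etc/passwd",
              "/root/buildinfo/labels.json",
              "/srv/h2o/imports/train.csv",
              "/srv/h2o/imports/../../../etc/hostname"):
        print(validate_import_path(p))
```

Only the allowlist result should be consulted when deciding whether an import proceeds; the blacklist column is there to make the gap visible.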

Affected products

2
  • h2oai/h2o-3 (inferred), 2 versions: <=7402 (+ 1 more)
    • (no CPE) range: <=7402
    • (no CPE) range: <=7402

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.