CVE-2026-8751: h2oai h2o-3 Insecure Deserialization Vulnerability (HIGH)
The National Vulnerability Database (NVD) has disclosed CVE-2026-8751, a high-severity insecure deserialization flaw in h2oai h2o-3, affecting versions up to 7402. This vulnerability resides in the importBinaryModel function within the h2o-core/src/main/java/hex/Model.java file, specifically within the JAR Handler component. The flaw allows for remote exploitation, enabling attackers to trigger deserialization through crafted input.
This is a critical issue. Insecure deserialization vulnerabilities often lead to remote code execution (RCE) if not properly mitigated, as attackers can manipulate serialized objects to execute arbitrary commands. The fact that an exploit has been publicly released significantly escalates the threat, meaning adversaries are already leveraging this knowledge. The NVD notes that the vendor was unresponsive to early disclosure, which is a red flag for timely patch availability.
Defenders need to treat this with urgency. A CVSS score of 7.3 (HIGH) with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L indicates this is a network-exploitable vulnerability requiring no user interaction or privileges. It grants low impact on confidentiality, integrity, and availability, but the potential for RCE often means these ratings understate the true risk.
What This Means For You
- If your organization uses h2oai h2o-3, immediately identify all instances running versions up to 7402. Prioritize patching or implementing compensating controls to prevent remote deserialization attacks. Assume an exploit is already being used in the wild and audit your environments for suspicious activity related to h2oai deployments.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-8751: h2oai h2o-3 Insecure Deserialization via importBinaryModel
title: CVE-2026-8751: h2oai h2o-3 Insecure Deserialization via importBinaryModel
id: scw-2026-05-17-ai-1
status: experimental
level: critical
description: |
Detects attempts to exploit CVE-2026-8751 by targeting the importBinaryModel function within the h2oai h2o-3 web interface. This specific URI and query parameter combination is indicative of an attempt to trigger the insecure deserialization vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-17
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-8751/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-method:
- 'POST'
cs-uri|contains:
- '/3/Models.json'
cs-uri-query|contains:
- 'importBinaryModel'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-8751 | Deserialization | h2oai h2o-3 up to 7402 |
| CVE-2026-8751 | Deserialization | h2o-core/src/main/java/hex/Model.java::importBinaryModel |
| CVE-2026-8751 | Deserialization | Component: JAR Handler |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 17, 2026 at 15:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-20240 — Denial of Service
CVE-2026-20240 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129,...
Splunk Enterprise, Cloud Vulnerability Exposes Session Cookies, Sensitive Data
CVE-2026-20239 — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a...
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged
CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data...