MEDIUM
h2oai
CVE published 2026-05-17
CVE-2026-8750
CVE-2026-8750 describes an information-disclosure issue in h2oai h2o-3, affecting the importFiles function in h2o-core/src/main/java/water/persist/PersistNFS.java as part of the ImportFile API. The CVE record indicates the issue can be triggered remotely and that a public exploit is available. Based on the published CVSS vector, the primary impact is confidentiality loss rather than integrity or availability impact.