Code Execution Vulnerability in Apache Gravitino Affecting H2 JDBC URLs
CVE-2026-41042
Currently unrated
What is CVE-2026-41042?
A vulnerability in Apache Gravitino allows unauthenticated users to provide a malicious H2 JDBC URL via the testConnection API. This can lead to the execution of arbitrary Java code on the server due to improper handling of the INIT parameter in H2. This issue predominantly affects environments where H2 is used for testing or local development, emphasizing the importance of upgrading to version 1.2.1 to eliminate the risk.
Affected Version(s)
Apache Gravitino 0 < 1.2.1