Improper input validation in Apache Software Foundation Gravitino

CVE-2026-41042

Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: b…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

Affected products

Weakness classification (CWE)

References