Improper input validation in Apache Software Foundation Gravitino
CVE-2026-41042
Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: b…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
Affected products
- Apache Software Foundation Gravitino — versions 0
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)