CVE-2026-41042 - Apache Gravitino: Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter
CVE ID :CVE-2026-41042 Published : July 8, 2026, 12:17 p.m. | 4 hours, 57 minutes ago Description :Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache...