{"id":"PYSEC-2026-353","summary":"H2O has an External Control of File Name or Path vulnerability","details":"A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the `/3/Frames/framename/export` endpoint. The impact of this vulnerability includes the potential for remote code execution and complete access to the system running h2o-3, as attackers can overwrite critical files such as private SSH keys or script files.","aliases":["CVE-2024-5986","GHSA-wj3h-wx8g-x699"],"modified":"2026-07-01T20:22:54.140956Z","published":"2026-06-29T11:50:51.728938Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5986"},{"type":"PACKAGE","url":"https://github.com/h2oai/h2o-3"},{"type":"WEB","url":"https://huntr.com/bounties/64ff5319-6ac3-4447-87f7-b53495d4d5a3"},{"type":"PACKAGE","url":"https://pypi.org/project/h2o"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-wj3h-wx8g-x699"}],"affected":[{"package":{"name":"h2o","ecosystem":"PyPI","purl":"pkg:pypi/h2o"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"3.46.0.1"}]}],"versions":["3.10.0.10","3.10.0.3","3.10.0.6","3.10.0.7","3.10.0.8","3.10.3.3","3.10.3.4","3.10.4.1","3.10.4.2","3.10.4.3","3.10.4.4","3.10.4.6","3.10.4.8","3.16.0.1","3.16.0.2","3.16.0.3","3.16.0.4","3.18.0.1","3.18.0.10","3.18.0.11","3.18.0.2","3.18.0.3","3.18.0.4","3.18.0.5","3.18.0.6","3.18.0.7","3.18.0.8","3.18.0.9","3.20.0.4","3.20.0.5","3.20.0.6","3.20.0.7","3.20.0.8","3.22.0.1","3.22.0.2","3.22.0.3","3.22.0.4","3.22.0.5","3.22.1.1","3.22.1.2","3.22.1.3","3.22.1.4","3.22.1.5","3.22.1.6","3.24.0.1","3.24.0.2","3.24.0.3","3.24.0.4","3.24.0.5","3.26.0.1","3.26.0.10","3.26.0.11","3.26.0.2","3.26.0.3","3.26.0.4","3.26.0.5","3.26.0.6","3.26.0.8","3.26.0.9","3.28.0.1","3.28.0.2","3.28.0.3","3.28.1.2","3.28.1.3","3.30.0.1","3.30.0.2","3.30.0.3","3.30.0.4","3.30.0.5","3.30.0.6","3.30.0.7","3.30.1.1","3.30.1.2","3.30.1.3","3.32.0.2","3.32.0.3","3.32.0.4","3.32.0.5","3.32.1.1","3.32.1.2","3.32.1.3","3.32.1.4","3.32.1.5","3.32.1.6","3.32.1.7","3.34.0.3","3.34.0.7","3.34.0.8","3.36.0.2","3.36.0.3","3.36.0.4","3.36.1.1","3.36.1.2","3.36.1.3","3.36.1.4","3.36.1.5","3.38.0.1","3.38.0.2","3.38.0.3","3.38.0.4","3.40.0.1","3.40.0.2","3.40.0.3","3.40.0.4","3.42.0.1","3.42.0.2","3.42.0.3","3.42.0.4","3.44.0.1","3.44.0.2","3.44.0.3","3.46.0.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/h2o/PYSEC-2026-353.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}]}