{"vulnerability": "cve-2026-41042", "sightings": [{"uuid": "aa03509f-f563-44cc-9c82-eb8735ba8695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mq5jlooecl2f", "content": "CVE-2026-41042: Apache Gravitino: Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter", "creation_timestamp": "2026-07-08T16:20:38.680935Z"}, {"uuid": "fb66ab41-8a3a-4093-824a-99b5801253f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41042", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mq5jrsw37s22", "content": "CVE-2026-41042\nApache Gravitino, a Java-based tool, has a security issue when using H2 databases for testing. An attacker can execute malicious code on the server if they know the server is using H2. To fix this, update to\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-08T16:24:04.328773Z"}]}