CVE-2021-42392

CRITICAL

H2 < 2.0.204 - Insecure Deserialization

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-42392. PoCs published by Be-Innova.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-42392, targeting H2 Database versions prior to 2.0.206. The exploit leverages the `CREATE ALIAS` feature to achieve remote code execution via JDBC connection to a vulnerable H2 TCP service.

Description

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.

Exploits (2)

nomisec WORKING POC
by Be-Innova · poc
https://github.com/Be-Innova/CVE-2021-42392-exploit-lab

This repository contains a functional exploit for CVE-2021-42392, targeting H2 Database versions prior to 2.0.206. The exploit leverages the `CREATE ALIAS` feature to achieve remote code execution via JDBC connection to a vulnerable H2 TCP service.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: H2 Database < 2.0.206
Auth required
Prerequisites: Exposed H2 TCP service (port 9092) · Valid database credentials · Java compiler on the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild SCANNER
poc
https://github.com/cybersecurityworks553/cve-2021-42392-detect

The repository contains a Python script designed to detect H2 Console web pages and check for access restrictions related to CVE-2021-42392. It scans a list of IPs for exposed H2 Console instances but does not include exploit code for the vulnerability.

Classification
Scanner 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: H2 Database Console
No auth needed
Prerequisites: list of target IPs · network access to target ports (default: 8082)
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (7)

Core 7

Scores

CVSS v3 9.8
EPSS 0.6321
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-502
Status published
Products (6)
com.h2database/h2 1.1.100 - 2.0.206Maven
debian/debian_linux 9.0
debian/debian_linux 10.0
debian/debian_linux 11.0
h2database/h2 1.1.000 - 2.0.204
oracle/communications_cloud_native_core_policy 1.15.0
Published Jan 10, 2022
Tracked Since Feb 18, 2026