Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-102374. PoCs published by h4ckNinja.
AI-analyzed exploit summary This exploit demonstrates an unauthenticated RCE vulnerability in H2 Database versions 1.4.196 and 1.4.197 by leveraging the CREATE ALIAS functionality to execute arbitrary commands. It bypasses authentication by creating a new database with default credentials.
Description
H2 Database 1.4.196 - Remote Code Execution
Exploits (1)
exploitdb
WORKING POC
by h4ckNinja · pythonwebappsjava
https://www.exploit-db.com/exploits/45506
This exploit demonstrates an unauthenticated RCE vulnerability in H2 Database versions 1.4.196 and 1.4.197 by leveraging the CREATE ALIAS functionality to execute arbitrary commands. It bypasses authentication by creating a new database with default credentials.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
H2 Database 1.4.196 and 1.4.197
No auth needed
Prerequisites:
Network access to the H2 Database web console
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026