CVE-2026-8178
Received - Intake
Remote Code Execution in Amazon Redshift JDBC Driver

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: AMZN

Description
An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later.
Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor | Product | Version / Range
amazon | redshift_jdbc_driver | up to 2.2.2 (exclusive)
amazon | amazon_redshift_jdbc_driver | up to 2.2.2 (exclusive)
CWE ID | Description
CWE-470 | The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
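
The pattern CWE-470 describes, shown as an added Java example that is not taken from the Amazon Redshift JDBC Driver or from this advisory: a hypothetical `hookClass` URL parameter is handled first by reflection on the raw value, then by a fixed allowlist. The `AuditHook` interface, the class names, the simplified URL parser and the URL itself are constructed for illustration; the advisory does not name the affected parameter.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

// Added illustration of CWE-470; NOT code from the Amazon Redshift JDBC Driver.
// "hookClass" is a hypothetical URL parameter and AuditHook a stand-in interface.
public class ReflectionAllowlistDemo {
    interface AuditHook { String name(); }
    static final class NoopHook implements AuditHook { public String name() { return "noop"; } }
    static final class LoggingHook implements AuditHook { public String name() { return "logging"; } }

    // Simplified parser: key=value pairs after the first '?' or ';', separated by '&' or ';'.
    static Map<String, String> urlParams(String url) {
        Map<String, String> out = new HashMap<>();
        String[] parts = url.split("[?;]", 2);
        if (parts.length < 2) return out;
        for (String kv : parts[1].split("[&;]")) {
            int eq = kv.indexOf('=');
            if (eq > 0) out.put(kv.substring(0, eq), kv.substring(eq + 1));
        }
        return out;
    }

    // Weak pattern: the parameter value names the class, so whoever shapes the URL
    // decides which constructor on the classpath runs.
    static Object loadUnsafe(String className) throws ReflectiveOperationException {
        return Class.forName(className).getDeclaredConstructor().newInstance();
    }

    // Hardened pattern: the value is only a key into a fixed table; no reflection on input.
    private static final Map<String, Supplier<AuditHook>> ALLOWED =
            Map.of("noop", NoopHook::new, "logging", LoggingHook::new);

    static AuditHook loadSafe(String key) {
        Supplier<AuditHook> ctor = ALLOWED.get(key);
        if (ctor == null) throw new IllegalArgumentException("unsupported hookClass: " + key);
        return ctor.get();
    }

    public static void main(String[] args) throws Exception {
        // Constructed URL; java.lang.StringBuilder is a harmless stand-in for an unintended class.
        String url = "jdbc:redshift://db.example.invalid:5439/dev?ssl=true&hookClass=java.lang.StringBuilder";
        String value = urlParams(url).get("hookClass");
        System.out.println("unsafe loader instantiated: " + loadUnsafe(value).getClass().getName());
        try { loadSafe(value); } catch (IllegalArgumentException e) {
            System.out.println("allowlist loader rejected: " + e.getMessage());
        }
        System.out.println("allowlist loader accepted: " + loadSafe("noop").name());
    }
}
```

The allowlist variant never passes the parameter value to `Class.forName`, so the set of constructible classes is fixed at compile time regardless of what is on the classpath.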
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters.

An attacker who can influence the connection URL might be able to execute code within the application context, assuming a suitable class is available on the application's classpath.

To fix this issue, users should upgrade to version 2.2.2 or later.


How can this vulnerability impact me?

This vulnerability can allow an attacker who controls the JDBC connection URL to execute arbitrary code within the application context.

Such code execution could lead to unauthorized actions, data compromise, or disruption of the application using the vulnerable driver.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, users should upgrade the Amazon Redshift JDBC Driver to version 2.2.2 or later.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows remote code execution within the application's context, potentially leading to unauthorized access to sensitive data, modification of application state, or disruption of service availability.

Such unauthorized access and potential data compromise could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information and ensuring system integrity and availability.

Mitigating this vulnerability by upgrading to version 2.2.2 or later is essential to maintain compliance and reduce the risk of data breaches or service disruptions.

