CVE-2026-8178
Received Received - Intake
Remote Code Execution in Amazon Redshift JDBC Driver

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: AMZN

Description
An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-8178
EUVD
EUVD-2026-28814
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
amazon redshift_jdbc_driver to 2.2.2 (exc)
amazon amazon_redshift_jdbc_driver to 2.2.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-470 The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters.

An attacker who can influence the connection URL might be able to execute code within the application context, assuming a suitable class is available on the application's classpath.

To fix this issue, users should upgrade to version 2.2.2 or later.

Impact Analysis

This vulnerability can allow an attacker who controls the JDBC connection URL to execute arbitrary code within the application context.

Such code execution could lead to unauthorized actions, data compromise, or disruption of the application using the vulnerable driver.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade the Amazon Redshift JDBC Driver to version 2.2.2 or later.

Compliance Impact

This vulnerability allows remote code execution within the application's context, potentially leading to unauthorized access to sensitive data, modification of application state, or disruption of service availability.

Such unauthorized access and potential data compromise could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require safeguarding sensitive information and ensuring system integrity and availability.

Mitigating this vulnerability by upgrading to version 2.2.2 or later is essential to maintain compliance and reduce the risk of data breaches or service disruptions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8178. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart