CVE-2026-8178

CVE Database · CVE-2026-8178

CVE-2026-8178

· HIGHAwaiting Analysis

CVSS v3.1

8.1

CVSS v4.0

9.2

EPSS

0.57%

Published

May 8, 2026

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-470

References (3)

https://aws.amazon.com/security/security-bulletins/2026-028-aws/

https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2

https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-wmmv-vvg5-993q

KEV Catalog EPSS Scores Vendors All CVEs