PT-2026-39186 · Amazon · Amazon Redshift Jdbc Driver
Fushuling
·
Published
2026-05-08
·
Updated
2026-05-28
·
CVE-2026-8178
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Amazon Redshift JDBC Driver versions prior to 2.2.2
Description
An issue allows the driver to load and execute arbitrary classes when processing JDBC connection URL parameters. An actor capable of influencing the connection URL could potentially execute code within the application context, provided a suitable class exists on the application's classpath.
Recommendations
Upgrade to version 2.2.2 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Amazon Redshift Jdbc Driver