Untrusted Search Path Vulnerability in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL
CVE-2026-11400
8.6 HIGH
What is CVE-2026-11400?
A security flaw in the GlobalDatabasePlugin of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL could allow a remote, low-privilege authenticated user to exploit an untrusted search path. The vulnerability lets a crafted function run with the privileges of another Amazon RDS user, potentially granting unauthorized access to sensitive operations and elevated privileges, including rds_superuser rights. To mitigate this risk, users should upgrade to version 4.0.1 of the AWS Advanced JDBC Wrapper.
Affected Version(s)
AWS Advanced JDBC Wrapper 3.0.0 < 4.0.1
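
To check a build against the range above, the following added example (not code from the advisory or from the AWS project) scans dependency listings and jar file names for wrapper versions and flags those in the affected range. It assumes the artifact name aws-advanced-jdbc-wrapper, reads the range as 3.0.0 <= version < 4.0.1, and treats pre-releases of 4.0.1 as affected; it reports the library version only, not whether GlobalDatabasePlugin is enabled.

```python
import re

# Range from the advisory's "Affected Version(s)" line, read as
# 3.0.0 <= version < 4.0.1 (assumption: the lower bound is inclusive).
AFFECTED_FROM = (3, 0, 0)
FIXED_IN = (4, 0, 1)

# Assumed artifact name; adjust if the wrapper is repackaged in your build.
ARTIFACT = "aws-advanced-jdbc-wrapper"

# Matches Maven output (artifact:jar:1.2.3), Gradle coordinates (artifact:1.2.3)
# and jar file names (artifact-1.2.3.jar), with an optional qualifier (-SNAPSHOT).
_PATTERN = re.compile(
    re.escape(ARTIFACT) + r"(?::jar:|:|-)(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z]+)?"
)


def is_affected(core, qualifier=""):
    """True if the version falls in the affected range."""
    if qualifier and core == FIXED_IN:
        # A pre-release of the fixed version sorts before the release,
        # so it cannot be assumed to contain the fix.
        return True
    return AFFECTED_FROM <= core < FIXED_IN


def find_wrapper_versions(text):
    """Return [(version, affected)] for every wrapper reference found in text."""
    results = []
    for match in _PATTERN.finditer(text):
        core = tuple(int(part) for part in match.group(1, 2, 3))
        qualifier = match.group(4) or ""
        version = ".".join(str(n) for n in core) + qualifier
        results.append((version, is_affected(core, qualifier)))
    return results


# Constructed sample input: Maven dependency output, a jar path, a Gradle line.
SAMPLE = """\
[INFO]    software.amazon.jdbc:aws-advanced-jdbc-wrapper:jar:2.5.4:compile
[INFO]    software.amazon.jdbc:aws-advanced-jdbc-wrapper:jar:3.1.0:compile
lib/aws-advanced-jdbc-wrapper-4.0.1-SNAPSHOT.jar
implementation("software.amazon.jdbc:aws-advanced-jdbc-wrapper:4.0.1")
"""

if __name__ == "__main__":
    for version, affected in find_wrapper_versions(SAMPLE):
        print(f"{ARTIFACT} {version}: {'AFFECTED' if affected else 'ok'}")
```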
