Arbitrary Code Execution Vulnerability in Amazon Redshift JDBC Driver
CVE-2026-8178

9.2CRITICAL

Key Information:

Vendor

Amazon

Status
Amazon Redshift Jdbc Driver
Vendor
CVE Published:
8 May 2026

What is CVE-2026-8178?

The Amazon Redshift JDBC Driver versions prior to 2.2.2 have a vulnerability that allows arbitrary code execution under specific conditions. This issue arises when the driver processes JDBC connection URL parameters, enabling an attacker with the ability to manipulate the URL to load and execute untrusted classes within the application's context. To protect your systems from this risk, it is crucial to upgrade to version 2.2.2 or later.

Affected Version(s)

Amazon Redshift JDBC Driver 2.2.2

References

https://github.com/aws/amazon-redshift-jdbc-driver/releas...
patch
https://aws.amazon.com/security/security-bulletins/2026-0...
vendor-advisory
https://github.com/aws/amazon-redshift-jdbc-driver/securi...
third-party-advisory

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.