Code Execution Vulnerability in Amazon Redshift Python Driver by AWS
CVE-2026-8838

9.3CRITICAL

Key Information:

Vendor: Aws
Status: Amazon Redshift Connector For Python
Vendor: CVE Published:; 18 May 2026

What is CVE-2026-8838?

A security vulnerability in the Amazon Redshift Python Driver allows a malicious server or man-in-the-middle attacker to exploit unsafe usage of Python's eval() function on data received from a server. This can result in arbitrary code execution on the client side, which poses a significant security risk. Users are urged to upgrade to version 2.1.14 to mitigate this risk and safeguard their systems.

Affected Version(s)

Amazon Redshift connector for Python 0 <= 2.1.13

References

https://github.com/aws/amazon-redshift-python-driver/rele...

patch

https://aws.amazon.com/security/security-bulletins/2026-0...

vendor-advisory

https://github.com/aws/amazon-redshift-python-driver/secu...

third-party-advisory

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 18, 2026
Vulnerability Reserved
May 18, 2026

Credit

Institute of Information Engineering, Chinese Academy of Sciences

CVE-2026-8838 Data

JSON

Aws

What is CVE-2026-8838?

Affected Version(s)

References

CVSS V4

Timeline

Credit