Home / Vulnerability Intelligence / CVE-2026-8178

CVE-2026-8178 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: May 8, 2026

Amazon Redshift JDBC Driver - Remote Code Execution

Published: May 8, 2026Updated: May 8, 2026Remote Exploitable

Overview

Amazon Redshift JDBC Driver < 2.2.2 contains a remote code execution caused by loading and executing arbitrary classes from JDBC connection URL parameters, letting attackers execute code in the application context, exploit requires attacker to control connection URL.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Attackers controlling the connection URL can execute arbitrary code within the application context, potentially compromising the system.

Mitigation

Upgrade to version 2.2.2 or later.

References

https://aws.amazon.com/security/security-bulletins/2026-028-aws/
https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-wmmv-vvg5-993q

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-8178
Severity: High
CVSS Score: 8.1
Type: undefined
Status: new

CWE

CWE-470

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H