Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-11401
PUBLISHED
More InfoOfficial Page
Assigner-AMZN
Assigner Org ID-ff89ba41-3aa1-4d27-914a-91399e9639e5
View Known Exploited Vulnerability (KEV) details
Published At-05 Jun, 2026 | 19:07
Updated At-05 Jun, 2026 | 19:23
Rejected At-
▼CVE Numbering Authority (CNA)
Privilege Escalation in AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through the affected wrapper. To remediate this issue, users should upgrade to the AWS Advanced Go Wrapper release 2026-05-26

Affected Products
Vendor
AWS
Product
AWS Advanced Go Wrapper
Default Status
unaffected
Versions
Affected
  • From 2026-04-06 before 2026-05-26 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-426CWE-426: Untrusted Search Path
Type: CWE
CWE ID: CWE-426
Description: CWE-426: Untrusted Search Path
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233: Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233: Privilege Escalation
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/aws/aws-advanced-go-wrapper/releases/tag/release-2026-05-26
patch
https://aws.amazon.com/security/security-bulletins/2026-039-aws/
vendor-advisory
https://github.com/aws/aws-advanced-go-wrapper/security/advisories/GHSA-r236-5pc3-3qcp
third-party-advisory
Hyperlink: https://github.com/aws/aws-advanced-go-wrapper/releases/tag/release-2026-05-26
Resource:
patch
Hyperlink: https://aws.amazon.com/security/security-bulletins/2026-039-aws/
Resource:
vendor-advisory
Hyperlink: https://github.com/aws/aws-advanced-go-wrapper/security/advisories/GHSA-r236-5pc3-3qcp
Resource:
third-party-advisory
Details not found