ByteOS Network

NVD Vulnerability Details :

CVE-2026-8178

Awaiting Analysis

Source-ff89ba41-3aa1-4d27-914a-91399e9639e5

Published At-08 May, 2026 | 19:16

Updated At-12 May, 2026 | 14:13

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	9.2	CRITICAL	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 9.2

Base severity: CRITICAL

Vector:

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-470	Secondary	ff89ba41-3aa1-4d27-914a-91399e9639e5

CWE ID: CWE-470

Type: Secondary

Source: ff89ba41-3aa1-4d27-914a-91399e9639e5

References

Hyperlink	Source	Resource
https://aws.amazon.com/security/security-bulletins/2026-028-aws/	ff89ba41-3aa1-4d27-914a-91399e9639e5	N/A
https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2	ff89ba41-3aa1-4d27-914a-91399e9639e5	N/A
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-wmmv-vvg5-993q	ff89ba41-3aa1-4d27-914a-91399e9639e5	N/A