CVE-2026-8838

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

GHSA-29H4-R29X-HCHV amazon-redshift-python-driver vulnerable to Remote Code Execution via eval() Injection

Summary amazon-redshift-python-driver is the official Python connector for Amazon Redshift. In versions 2.1.13 and earlier, the driver insufficiently validates data received from the server during query result processing. A rogue server or man-in-the-middle could leverage this to execute arbitrar...

Exploit for CVE-2026-8838

CVE-2026-8838 — Amazon Redshift Python Driver: Remote Code Exe...

CVE-2026-8838 Remote Code Execution via eval() Injection in amazon-redshift-python-driver

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

CVE-2026-8838

CVE-2026-8838 affects the amazon-redshift-python-driver prior to 2.1.14. The issue arises from unsafe use of Python’s eval() on server-received data in the vector_in() function, enabling a rogue server or man-in-the-middle actor to execute arbitrary code on the client. Affected component: amazon-...

CVE-2026-8838 Remote Code Execution via eval() Injection in amazon-redshift-python-driver

Unsafe use of Python's eval on server-received data in the vectorin function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14...

EUVD-2026-28814

Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading...

GHSA-WMMV-VVG5-993Q Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces APIs. An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

ai.starlake:spark-redshift_2.13 (>=6.5.0 <=6.5.1), ai.starlake:starlake-api_2.13 (>=1.5.8 <=1.5.15) +87 more potentially affected by CVE-2026-8178 via com.amazon.redshift:redshift-jdbc42 (>=2.0.0.3 <=2.2.1)

com.amazon.redshift:redshift-jdbc42 MAVEN version =2.0.0.3, =6.5.0, =1.5.8, =2025.34.3, =0.293, =0.293, =5.0.0, =5.1.0, =1.3.0, =1.19.1891, =0.1.15-alpha, =0.1.15-alpha, =0.1.15-alpha, =3.2.171, =6.0.0-spark3.3, =6.6.0-spark3.5 and more Source cves: CVE-2026-8178 Source advisory:...

RedShift JDBC Driver < 2.2.2 Arbitrary Class Loading (CVE-2026-8178)

The Amazon Redshift JDBC Driver installed on the remote host is prior to 2.2.2. It is, therefore, affected by a flaw that could allow the driver to load and execute arbitrary classes when processing JDBC connection URL parameters. Under certain conditions, an actor able to influence the connectio...

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

CVE-2026-8178

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

Magnitude Simba Amazon Redshift JDBC Driver 安全漏洞

The Magnitude Simba Amazon Redshift JDBC Driver is a JDBC driver provided by the American company Magnitude. It enables database connection through the standard JDBC Application Programming Interface API available in the Java Platform Enterprise Edition. Versions of the Magnitude Simba Amazon...

CVE-2026-32140

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

CVE-2026-32140 Dataease: Redshift JDBC RCE Bypass

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

EUVD-2026-11651

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

PT-2026-25036

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code...

Redshift JDBC Driver 安全漏洞

Redshift JDBC Driver is an open source Redshift JDBC driver for Amazon Web Services. A security vulnerability exists in Redshift JDBC Driver version 2.1.0.31, which stems from an SQL injection vulnerability that could allow a user to gain escalated privileges via the getSchemas, getTables, or...

PT-2024-10193 · Amazon · Amazon Redshift Jdbc Driver

Name of the Vulnerable Software and Affected Versions: Amazon Redshift JDBC Driver version 2.1.0.31 Description: A SQL injection issue in the Amazon Redshift JDBC Driver allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. This issue can be...