CVE-2026-8178

Published May 8, 2026

Last updated 18 days ago

CVSS critical 9.2
Amazon Redshift

Overview

Description
An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later.
Source
ff89ba41-3aa1-4d27-914a-91399e9639e5
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.2
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Secondary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

ff89ba41-3aa1-4d27-914a-91399e9639e5
CWE-470

Social media

Hype score
Not currently trending

  1. Amazon Redshift JDBC の脆弱性 CVE-2026-8178 が FIX:URL 処理不備による任意のコード実行 https://t.co/QnsRGX6xkd Amazon Redshift JDBC ドライバーの脆弱性 CVE-2026-8178 は、プログラムがデータベースに接続する際の仕組みに起因す

    @iototsecnews

    22 May 2026

    73 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Critical flaw in Amazon Redshift JDBC driver (CVE-2026-8178) allows remote code execution via manipulated connection URLs. Immediate patching recommended. Link: https://t.co/WQbZKA97TG #Cybersecurity #Amazon #Redshift #JDBC #CVE #RCE #Vulnerability #Exploit #Security #Patch https

    @dailytechonx

    16 May 2026

    132 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14.CVE-2026-8838
  2. Linux Kernel Incorrect Resource Transfer Between Spheres VulnerabilityCVE-2026-31431
  3. Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.CVE-2025-15467
  4. Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver supports an undocumented syntax construct for the option value that if discovered can be used by an attacker. If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker can use the undocumented syntax to cause the driver to load an arbitrary class on the class path and execute a constructor on that class.   This issue affects: DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541 DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833 DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628 DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279 DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344 DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063 DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964 DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525 DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410 DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727 DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851 DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198 DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957 DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587 DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669 DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364 DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776 DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458 DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316 DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309 DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856 DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189 DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125 DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858 DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162 DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856 DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430 DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023 DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339 DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430 DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183 DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022CVE-2025-10702
  5. Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver log=(file) construct allows the user to specify an arbitrary file for the JDBC driver to write its log information to.  If an application allows an end user to specify a value for the SpyAttributes connection option then an attacker could cause java script to be written to a log file.  If the log file was in the correct location with the correct extension, an application server could see that log file as a resource to be served.  The attacker could fetch the resource from the server causing the java script to be executed. This issue affects: DataDirect Connect for JDBC for Amazon Redshift: through 6.0.0.001392, fixed in 6.0.0.001541 DataDirect Connect for JDBC for Apache Cassandra: through 6.0.0.000805, fixed in 6.0.0.000833 DataDirect Connect for JDBC for Hive: through 6.0.1.001499, fixed in 6.0.1.001628 DataDirect Connect for JDBC for Apache Impala: through 6.0.0.001155, fixed in 6.0.0.001279 DataDirect Connect for JDBC for Apache SparkSQL: through 6.0.1.001222, fixed in 6.0.1.001344 DataDirect Connect for JDBC Autonomous REST Connector: through 6.0.1.006961, fixed in 6.0.1.007063 DataDirect Connect for JDBC for DB2: through 6.0.0.000717, fixed in 6.0.0.000964 DataDirect Connect for JDBC for Google Analytics 4: through 6.0.0.000454, fixed in 6.0.0.000525 DataDirect Connect for JDBC for Google BigQuery: through 6.0.0.002279, fixed in 6.0.0.002410 DataDirect Connect for JDBC for Greenplum: through 6.0.0.001712, fixed in 6.0.0.001727 DataDirect Connect for JDBC for Informix: through 6.0.0.000690, fixed in 6.0.0.0851 DataDirect Connect for JDBC for Microsoft Dynamics 365: through 6.0.0.003161, fixed in 6.0.0.3198 DataDirect Connect for JDBC for Microsoft SQLServer: through 6.0.0.001936, fixed in 6.0.0.001957 DataDirect Connect for JDBC for Microsoft Sharepoint: through 6.0.0.001559, fixed in 6.0.0.001587 DataDirect Connect for JDBC for MongoDB: through 6.1.0.001654, fixed in 6.1.0.001669 DataDirect Connect for JDBC for MySQL: through 5.1.4.000330, fixed in 5.1.4.000364 DataDirect Connect for JDBC for Oracle Database: through 6.0.0.001747, fixed in 6.0.0.001776 DataDirect Connect for JDBC for Oracle Eloqua: through 6.0.0.001438, fixed in 6.0.0.001458 DataDirect Connect for JDBC for Oracle Sales Cloud: through 6.0.0.001225, fixed in 6.0.0.001316 DataDirect Connect for JDBC for Oracle Service Cloud: through 5.1.4.000298, fixed in 5.1.4.000309 DataDirect Connect for JDBC for PostgreSQL: through 6.0.0.001843, fixed in 6.0.0.001856 DataDirect Connect for JDBC for Progress OpenEdge: through 5.1.4.000187, fixed in 5.1.4.000189 DataDirect Connect for JDBC for Salesforce: through 6.0.0.003020, fixed in 6.0.0.003125 DataDirect Connect for JDBC for SAP HANA: through 6.0.0.000879, product retired DataDirect Connect for JDBC for SAP S/4 HANA: through 6.0.1.001818, fixed in 6.0.1.001858 DataDirect Connect for JDBC for Sybase ASE: through 5.1.4.000161, fixed in 5.1.4.000162 DataDirect Connect for JDBC for Snowflake: through 6.0.1.001821, fixed in 6.0.1.001856 DataDirect Hybrid Data Pipeline Server: through 4.6.2.3309, fixed in 4.6.2.3430 DataDirect Hybrid Data Pipeline JDBC Driver: through 4.6.2.0607, fixed in 4.6.2.1023 DataDirect Hybrid Data Pipeline On Premises Connector: through 4.6.2.1223, fixed in 4.6.2.1339 DataDirect Hybrid Data Pipeline Docker: through 4.6.2.3316, fixed in 4.6.2.3430 DataDirect OpenAccess JDBC Driver: through 8.1.0.0177, fixed in 8.1.0.0183 DataDirect OpenAccess JDBC Driver: through 9.0.0.0019, fixed in 9.0.0.0022CVE-2025-10703

References

Sources include official advisories and independent security research.