CVE-2026-8178
CRITICAL
9.2
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH
8.1
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath.
To mitigate this issue, users should upgrade to version 2.2.2 or later.
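An added example, not code from AWS or the advisory: a Python check that inspects a jar (including jars nested inside a fat jar) for the embedded Redshift JDBC driver descriptor and classifies its version against the 2.2.2 fix. The Maven coordinates `com.amazon.redshift:redshift-jdbc42`, the presence of `pom.properties` in the jar, and the sample version strings are assumptions.

```python
import io
import re
import zipfile

FIXED = (2, 2, 2)  # first fixed release named in the description above
# Assumption: the driver's Maven coordinates; Maven-built jars normally embed this file.
POM_PROPS = "META-INF/maven/com.amazon.redshift/redshift-jdbc42/pom.properties"

def parse_version(text):
    """Turn '2.1.0.30' into (2, 1, 0, 30); return None for anything non-numeric."""
    text = text.strip()
    return tuple(map(int, text.split("."))) if re.fullmatch(r"\d+(\.\d+)*", text) else None

def driver_version(jar_bytes):
    """Return the embedded driver version string, or None if no descriptor is found."""
    try:
        jar = zipfile.ZipFile(io.BytesIO(jar_bytes))
    except zipfile.BadZipFile:
        return None
    with jar:
        for name in jar.namelist():
            if name.endswith(POM_PROPS):  # endswith also matches a relocated prefix
                for line in jar.read(name).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        return line.split("=", 1)[1].strip()
            elif name.endswith(".jar"):  # e.g. BOOT-INF/lib/*.jar inside a fat jar
                nested = driver_version(jar.read(name))
                if nested is not None:
                    return nested
    return None

def assess(jar_bytes):
    """Classify a jar as 'absent', 'vulnerable', 'fixed' or 'unknown'."""
    raw = driver_version(jar_bytes)
    if raw is None:
        return "absent"
    version = parse_version(raw)
    if version is None:
        return "unknown"  # e.g. a -SNAPSHOT build: needs manual review
    padded = version + (0,) * (len(FIXED) - len(version))  # "2.2" -> (2, 2, 0)
    return "vulnerable" if padded < FIXED else "fixed"

def make_sample_jar(version):
    """Constructed sample input: an in-memory jar holding only the descriptor."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(POM_PROPS, f"artifactId=redshift-jdbc42\nversion={version}\n")
    return buf.getvalue()
```

A result of `absent` only means no descriptor was found; a repackaged jar that strips `META-INF/maven` has to be checked another way.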
CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Draft
Common Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Other
Potential Impacts:
Execute Unauthorized Code Or Commands
Alter Execution Logic
DoS: Crash, Exit, or Restart
Other
Read Application Data
Applicable Platforms
Languages:
Interpreted, Java, PHP
https://aws.amazon.com/security/security-bulletins/2026-028-aws/
https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2
https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-wmm…