CVE-2026-8178 · HIGH 8.1 · EPSS p42.8%

Description

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later.

Scoring

CVSS 3.1: 8.1 (HIGH)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.57% probability of exploitation · percentile 42.8% · 2026-06-19T12:03:05Z
Published: 2026-05-08
Last modified: 2026-05-12

Underlying weaknesses · 1

CWE-470

References

  1. https://aws.amazon.com/security/security-bulletins/2026-028-aws/
  2. https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2
  3. https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-wmmv-vvg5-993q

Type: Weakness
Target: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') (cwe-470)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-8838
  2. CVE-2025-70828
  3. CVE-2026-11400
  4. CVE-2025-58748
  5. CVE-2026-35561
  6. CVE-2025-12967
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.