CVE-2026-8178: CVE-2026-8178: Remote Code Execution via Unsafe Reflection in Amazon Redshift JDBC…

1 / 2

CVE-2026-8178: CVE-2026-8178: Remote Code Execution via Unsafe Reflection in Amazon Redshift JDBC Driver

DEV Community·CVE Reports·19 days ago

#YRKBjEiN

#commit #security #cve #cybersecurity #jdbc #driver

Reading 0:00

15s threshold

CVE-2026-8178: Remote Code Execution via Unsafe Reflection in Amazon Redshift JDBC Driver Vulnerability ID: CVE-2026-8178 CVSS Score: 8.1 Published: 2026-05-14 The Amazon Redshift JDBC Driver prior to version 2.2.2 contains a remote code execution vulnerability. The driver processes connection properties beginning with the datatype. prefix by passing the user-supplied value to Class.forName() . This allows attackers who control JDBC connection strings to load arbitrary classes and execute malicious code via static initializers within the application's JVM context. TL;DR Unsafe class loading in the Amazon Redshift JDBC Driver (< 2.2.2) permits remote code execution. Attackers controlling JDBC URL properties can trigger arbitrary class instantiation, leading to JVM compromise.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

CVE-2026-8178: CVE-2026-8178: Remote Code Execution via Unsafe Reflection in Amazon Redshift JDBC Driver