CVE-2026-8178: Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

May 14, 2026

Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs). An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters, potentially allowing code execution in the application context.

References

aws.amazon.com/security/security-bulletins/2026-028-aws
github.com/advisories/GHSA-wmmv-vvg5-993q
github.com/aws/amazon-redshift-jdbc-driver/releases/tag/v2.2.2
github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-wmmv-vvg5-993q
nvd.nist.gov/vuln/detail/CVE-2026-8178

Code Behaviors & Features

Detect and mitigate CVE-2026-8178 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →