Skip to main content

Amazon Redshift Python Driver CVE-2026-8838

| EUVDEUVD-2026-30803 CRITICAL
Code Injection (CWE-94)
2026-05-18 AMZN GHSA-29h4-r29x-hchv
9.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
May 18, 2026 - 21:30 vuln.today
Analysis Generated
May 18, 2026 - 21:30 vuln.today
CVSS changed
May 18, 2026 - 21:22 NVD
9.8 (CRITICAL) 9.3 (CRITICAL)

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 pypi packages depend on redshift-connector (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2.1.14.

DescriptionCVE.org

Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client.

To remediate this issue, users should upgrade to version 2.1.14.

AnalysisAI

Remote code execution in the amazon-redshift-python-driver (versions prior to 2.1.14) allows a malicious or compromised Redshift server, or a man-in-the-middle attacker positioned on the network path, to execute arbitrary Python code on any client that connects. The root cause is unsafe use of Python's eval() against untrusted server-supplied data inside the vector_in() function. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 9.3 and PR:N/UI:N vector make this a high-priority client-side supply-chain-style risk.

Technical ContextAI

The driver is the official AWS Python connector (cpe:2.3:a:aws:amazon_redshift_connector_for_python) used by data engineers, ETL pipelines, notebooks, and analytics workloads to communicate with Amazon Redshift clusters over the PostgreSQL wire protocol. The vulnerability is a textbook CWE-94 (Improper Control of Generation of Code, i.e. code injection): the vector_in() type-parsing routine passes server-delivered byte data to Python's built-in eval(), which interprets the input as a Python expression. Because eval() evaluates arbitrary expressions including function calls, any value returned by the server in a column of vector type is sufficient to invoke os.system, subprocess, __import__, or any other callable inside the client's Python process.

RemediationAI

Vendor-released patch: upgrade amazon-redshift-python-driver (redshift_connector) to version 2.1.14 or later via pip install --upgrade redshift_connector, as published at https://github.com/aws/amazon-redshift-python-driver/releases/tag/v2.1.14 and described in https://aws.amazon.com/security/security-bulletins/2026-033-aws/ and https://github.com/aws/amazon-redshift-python-driver/security/advisories/GHSA-29h4-r29x-hchv. Until the upgrade is rolled out, ensure all client connections use TLS with verified certificates (sslmode=verify-full) to eliminate the man-in-the-middle path, restrict the connector to connect only to known AWS-owned Redshift endpoints via VPC endpoints or strict egress allow-listing, and avoid using the driver against arbitrary or third-party PostgreSQL-protocol-compatible servers; these controls do not address a maliciously crafted column response from a trusted-but-compromised cluster, so patching remains the only complete fix.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-8838 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy