VDB
CVE-2026-8838
CVE-2026-8838
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14.
EPSS 0.08% · 23.0th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.08%
23.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| aws | amazon_redshift_connector_for_python | 0 |
| AWS | Amazon Redshift connector for Python | 0 |
Timeline
- May 18, 2026 CVE Published
- May 19, 2026 EPSS Score
- May 19, 2026 Coalition ESS Score
- May 19, 2026 PoC Published
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
- May 27, 2026 EPSS Score