VYPR
High severity (8.0) · NVD Advisory · Published Jun 5, 2026 · Updated Jun 5, 2026

CVE-2026-11400

Description

A privilege escalation vulnerability in AWS Advanced JDBC Wrapper for Aurora PostgreSQL allows low-privilege users to gain rds_superuser access via a crafted function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An untrusted search path issue exists in the GlobalDatabasePlugin within the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL. This vulnerability affects versions 3.0.0 and later, up to, but not including, 4.0.1. The issue allows a remote, authenticated, low-privilege actor to escalate their privileges.

Exploitation

An authenticated, low-privilege attacker can create a crafted function. When another Amazon RDS user connects to the cluster through an affected wrapper, that function executes with the permissions of the connecting user, which may include the rds_superuser role.

Impact

Successful exploitation allows a low-privilege actor to escalate their privileges to those of another Amazon RDS user, including the rds_superuser role. This could lead to unauthorized access, modification, or deletion of sensitive data within the Amazon Aurora PostgreSQL cluster.

Mitigation

This issue has been addressed in AWS Advanced JDBC Wrapper version 4.0.1, released on 2026-05-13 [2]. Users should upgrade to this version or later. A workaround is to remove the public schema from the search path [1].
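As an added illustration (not from this advisory or from the AWS Advanced JDBC Wrapper project), the PostgreSQL statements below show the checks a DBA would run before applying the workaround and the search_path change the workaround describes; the role name app_user and database name appdb are assumed placeholders.

```sql
-- Added example: review and harden search_path on an Aurora PostgreSQL cluster.
-- Role name app_user and database name appdb are assumed placeholders.

-- 1. Which login roles have an explicit search_path, and which rely on the
--    default ("$user", public)? A path that includes public lets an
--    unqualified function name resolve to whatever was created in public
--    by any role permitted to CREATE there.
SELECT r.rolname,
       COALESCE(cfg.setting, '(default: "$user", public)') AS role_search_path
FROM   pg_roles r
LEFT JOIN pg_db_role_setting s ON s.setrole = r.oid
LEFT JOIN LATERAL unnest(s.setconfig) AS cfg(setting)
       ON cfg.setting LIKE 'search_path=%'
WHERE  r.rolcanlogin
ORDER  BY r.rolname;

-- 2. Which functions live in public, and who owns them? Functions owned by
--    low-privilege roles deserve review before any higher-privileged role
--    connects with public on its search path.
SELECT n.nspname                                  AS schema,
       p.proname                                  AS function_name,
       pg_get_function_identity_arguments(p.oid)  AS args,
       pg_get_userbyid(p.proowner)                AS owner
FROM   pg_proc p
JOIN   pg_namespace n ON n.oid = p.pronamespace
WHERE  n.nspname = 'public'
ORDER  BY owner, function_name;

-- 3. Workaround from the advisory: take public off the search path for the
--    roles that connect through the wrapper. pg_catalog is searched first
--    implicitly anyway; listing it makes the order explicit.
ALTER ROLE app_user IN DATABASE appdb SET search_path = pg_catalog, "$user";

-- Confirm in a fresh session as app_user:
--   SHOW search_path;   -- expected: pg_catalog, "$user"

-- 4. General PostgreSQL hardening, beyond what the advisory states (this is
--    the default since PostgreSQL 15): stop ordinary roles from creating
--    objects in public at all, so the schema cannot be seeded in the first place.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

Per-role settings only take effect for new sessions, so connections already pooled by the wrapper keep their old search_path until they are recycled.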

AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

No source-code context for this CVE. Mechanics are only generated when we can read the actual fix diff; without it, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 3

News mentions: 0 (no linked articles in our index yet)