VYPR
← All advisories
Critical severity9.8NVD Advisory· Published May 18, 2026· Updated May 19, 2026

CVE-2026-8838

CVE-2026-8838

Description

Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client.

To remediate this issue, users should upgrade to version 2.1.14.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A critical eval() injection in amazon-redshift-python-driver <=2.1.13 lets a rogue server or MITM execute arbitrary code on the client.

Vulnerability

The vector_in() function in the amazon-redshift-python-driver, versions 2.1.13 and earlier, unsafely passes server-received data to Python's built-in eval() function without proper validation [1][2][3]. This allows a malicious Redshift server or a man-in-the-middle attacker to inject arbitrary Python code that gets executed on the client during query result processing.

Exploitation

An attacker must control the server the client connects to, or be positioned as a man-in-the-middle on the network path, capable of modifying the query responses [2][3]. No authentication or prior access to the client is required. The attacker crafts a specially designed query response that, when processed by the vulnerable vector_in() routine, triggers code execution via eval().

Impact

Successful exploitation results in arbitrary code execution on the client with the privileges of the running client application [3]. An attacker could execute commands, read or write files, steal credentials, or pivot to other systems reachable from the client host. The vulnerability is rated CVSS 9.8 (Critical) with network attack vector, no privileges required, and no user interaction needed.

Mitigation

A fix was released in amazon-redshift-python-driver version 2.1.14 [1][2][3]. Users should upgrade to this version immediately. There is no known workaround for older versions; any forked or derivative code must also be patched to incorporate the fix [2][3]. The issue is tracked as GHSA-29h4-r29x-hchv [2][3].

References
  1. Release v2.1.14 · aws/amazon-redshift-python-driver
  2. CVE-2026-8838 - Remote Code Execution in amazon-redshift-python-driver
  3. Remote Code Execution via eval() Injection in amazon-redshift-python-driver

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

1
69a69dfdead7

Replaced eval() usage in vector_in() type handler with integer parsing

https://github.com/aws/amazon-redshift-python-driverSubham KumarMay 18, 2026Fixed in 2.1.14via llm-release-walk
commit
2 files changed · +45 21
  • redshift_connector/utils/type_utils.py+4 21 modified
    @@ -83,7 +83,10 @@ def int2_recv(data: bytes, offset: int, length: int) -> int:
 
 
 def vector_in(data: bytes, idx: int, length: int) -> typing.List:
-    return eval("[" + data[idx : idx + length].decode(_client_encoding).replace(" ", ",") + "]")
+    text = data[idx : idx + length].decode(_client_encoding).strip()
+    if not text:
+        return []
+    return [int(x) for x in text.split()]
 
 
 def int4_recv(data: bytes, offset: int, length: int) -> int:
@@ -222,26 +225,6 @@ def intervald2s_send_integer(v: IntervalDayToSecond) -> bytes:
     return typing.cast(bytes, q_pack(microseconds))
 
 
-glbls: typing.Dict[str, type] = {"Decimal": Decimal}
-trans_tab = dict(zip(map(ord, "{}"), "[]"))
-
-
-# def array_in(data: bytes, idx: int, length: int) -> typing.List:
-#     arr: typing.List[str] = []
-#     prev_c = None
-#     for c in data[idx:idx + length].decode(
-#             _client_encoding).translate(
-#         trans_tab).replace('NULL', 'None'):
-#         if c not in ('[', ']', ',', 'N') and prev_c in ('[', ','):
-#             arr.extend("Decimal('")
-#         elif c in (']', ',') and prev_c not in ('[', ']', ',', 'e'):
-#             arr.extend("')")
-#
-#         arr.append(c)
-#         prev_c = c
-#     return typing.cast(typing.List, eval(''.join(arr), glbls))
-
-
 def numeric_in_binary(data: bytes, offset: int, length: int, scale: int) -> Decimal:
     raw_value: int
  • test/unit/test_type_utils.py+41 0 modified
    @@ -84,3 +84,44 @@ def test_timestamp_recv_integer(_input) -> None:
     print(type_utils.timestamp_recv_integer(in_val, 0, 0))
     print(EPOCH.timestamp() * 1000)
     assert type_utils.timestamp_recv_integer(in_val, 0, 0) == exp_val
+
+
+# --- vector_in tests ---
+
+vector_in_normal_data: typing.List[typing.Tuple[bytes, typing.List[int]]] = [
+    (b"1 2 3", [1, 2, 3]),
+    (b"1", [1]),
+    (b"0", [0]),
+    (b"-1", [-1]),
+    (b"-32768", [-32768]),
+    (b"32767", [32767]),
+    (b"-1 2 -3", [-1, 2, -3]),
+    (b"1 0 3", [1, 0, 3]),
+    (b"", []),
+]
+
+
+@pytest.mark.parametrize("_input", vector_in_normal_data)
+def test_vector_in_normal(_input) -> None:
+    """Verify vector_in correctly parses space-separated int16 values."""
+    data, expected = _input
+    result = type_utils.vector_in(data, 0, len(data))
+    assert result == expected
+    for val in result:
+        assert isinstance(val, int)
+
+
+vector_in_injection_payloads: typing.List[bytes] = [
+    b"__import__('os').system('echo exploited')",
+    b"__import__('os').uname().sysname",
+    b"__import__('subprocess').check_output(['whoami'])",
+    b"open('/etc/passwd').read()",
+    b"exec('import os')",
+]
+
+
+@pytest.mark.parametrize("payload", vector_in_injection_payloads)
+def test_vector_in_rejects_code_injection(payload) -> None:
+    """Verify vector_in raises an exception for non-integer input instead of executing it."""
+    with pytest.raises((ValueError, TypeError)):
+        type_utils.vector_in(payload, 0, len(payload))

Vulnerability mechanics

Root cause

"Unsafe use of Python's eval() on server-received data in the vector_in() function allows arbitrary code execution."

Attack vector

An attacker who controls a Redshift server (rogue server) or is positioned as a man-in-the-middle can inject malicious Python code into data returned to the client. The client's vector_in() function passes this server-received data directly to Python's eval() without sanitization [CWE-94]. No authentication or user interaction is required beyond the client connecting to the attacker-controlled server. The CVSS vector indicates network-based exploitation with low complexity and no privileges required [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H].

Affected code

The vulnerability resides in the vector_in() function within the amazon-redshift-python-driver. This function uses Python's built-in eval() on data received from the server, which allows arbitrary code execution when an attacker controls the server response. The patch [patch_id=918472] addresses this in the repository at https://github.com/aws/amazon-redshift-python-driver.

What the fix does

The patch [patch_id=918472] replaces the unsafe eval() call with a safer parsing mechanism that does not interpret arbitrary Python expressions. Instead of evaluating server-supplied strings as code, the fix uses structured parsing to extract the intended data values. This closes the code injection vector by ensuring that server-received input is treated as data, not executable code.

Preconditions

  • networkAttacker must control the Redshift server the client connects to, or be positioned as a man-in-the-middle between client and server.
  • inputThe server must return crafted data containing malicious Python code that will be passed to eval().

Generated on May 20, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.