Critical severity 9.8 · NVD Advisory · Published May 18, 2026 · Updated May 19, 2026
CVE-2026-8838
Description
Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client.
To remediate this issue, users should upgrade to version 2.1.14.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| redshift-connector (PyPI) | < 2.1.14 | 2.1.14 |
Affected products
- (no CPE)
- (no CPE), range: < 2.1.14
- osv-coords (2 versions): < 3.2.1-r4
- (no CPE), range: < 3.2.1-r4
- (no CPE), range: < 3.2.1-r4
References
- github.com/advisories/GHSA-29h4-r29x-hchv (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-8838 (ghsa, ADVISORY)
- aws.amazon.com/security/security-bulletins/2026-033-aws (ghsa, WEB)
- github.com/aws/amazon-redshift-python-driver/commit/69a69dfdead75918e20384da52bcd760ded8dbca (ghsa, WEB)
- github.com/aws/amazon-redshift-python-driver/releases/tag/v2.1.14 (nvd, WEB)
- github.com/aws/amazon-redshift-python-driver/security/advisories/GHSA-29h4-r29x-hchv (nvd, WEB)
- aws.amazon.com/security/security-bulletins/2026-033-aws/ (nvd)