VYPR
Critical severity9.8NVD Advisory· Published May 18, 2026· Updated May 19, 2026

CVE-2026-8838

CVE-2026-8838

Description

Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client.

To remediate this issue, users should upgrade to version 2.1.14.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
redshift-connectorPyPI
< 2.1.142.1.14

Affected products

4

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.