CVE-2026-8178

High

Published: 08 May 2026

Published

08 May 2026

Modified

08 May 2026

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0007 20.2th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8178 is a high-severity Unsafe Reflection (CWE-470) vulnerability in Amazon Redshift JDBC Driver (inferred from references). Its CVSS base score is 8.1 (High).

Operationally, ranked at the 20.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-44 Detonation Chambers

addresses: CWE-470

Externally controlled class or code selection can be resolved and invoked inside the chamber, surfacing unsafe reflection without system impact.

NVD Description

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute…

code in the application context, provided a suitable class is available on the application's classpath. To mitigate this issue, users should upgrade to version 2.2.2 or later.

Deeper analysisAI

Automated synthesis unavailable for this CVE.