CVE Catalog

CVE-2026-8838

Critical
Published: Translated: NVD NIST

Summary

Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before version 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client.

Risk Assessment

The organization is at risk of arbitrary code execution, which could lead to data loss or compromise of client systems.

Recommendation

It is recommended to upgrade to version 2.1.14 to remediate this vulnerability.

Original NVD description (English source)

Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS