Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora...

8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Description

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper.

To remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1.

Basic Information

ID CVE-2026-11400

Source AMZN

Published Jun 5, 2026 at 19:07

Modified Jun 5, 2026 at 19:25

Affected Product

Vendor AWS

Product AWS Advanced JDBC Wrapper

Version 3.0.0

Affected Versions AWS AWS Advanced JDBC Wrapper 3.0.0

CWE Classification

CWE-426

References

{
    "lastseen": "",
    "description": "An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper.\n\n\n\nTo remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1.",
    "published": "2026-06-05T19:07:02.459Z",
    "modified": "2026-06-05T19:25:09.676Z",
    "type": "cve",
    "title": "Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL",
    "source": "AMZN",
    "references": "https://github.com/aws/aws-advanced-jdbc-wrapper/releases/tag/4.0.1\nhttps://aws.amazon.com/security/security-bulletins/2026-039-aws/\nhttps://www.cve.org/cverecord?id=CVE-2026-11400",
    "id": "CVE-2026-11400",
    "bulletinFamily": "",
    "cwe": [
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "AWS AWS Advanced JDBC Wrapper 3.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AWS Advanced JDBC Wrapper",
    "version": "3.0.0",
    "vendor": "AWS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL_CVE-2026-11400