CRITICAL
AWS
CVE published 2026-05-18
CVE-2026-8838
CVE-2026-8838 is a critical client-side code execution issue in amazon-redshift-python-driver before 2.1.14. The flaw stems from unsafe use of Python eval() on data received from the server in vector_in(), which means a rogue server or man-in-the-middle actor could potentially trigger arbitrary code execution on the client. AWS and the GitHub advisory both direct users to upgrade to version 2.1.14.