Description
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper.

To remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1.
Published: 2026-06-05
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An untrusted search path flaw in the GlobalDatabasePlugin of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL enables a remote authenticated low-privilege user to create a crafted function that executes when a higher-privileged user connects through the wrapper. This allows the attacker to elevate privileges to those of another Amazon RDS user, including rds_superuser. The weakness is classified as CWE-426 (Untrusted Search Path); because the planted function runs with the connecting user's privileges, it compromises the integrity and confidentiality of data across database accounts.

Affected Systems

The AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL, specifically versions prior to 4.0.1, is impacted. The vulnerability lies in the wrapper's handling of the GlobalDatabasePlugin and is addressed in release 4.0.1.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. No EPSS value is provided, and the absence of a KEV listing suggests that no widespread exploitation has been observed to date. The likely attack vector is a remote authenticated connection to the cluster, which lets the attacker create a crafted function; once the targeted user connects through an affected wrapper, the function runs with that user's privileges, completing the escalation. Because the attacker needs a low-privilege account within the same database cluster, this is a targeted insider or stolen-credential threat.

Generated by OpenCVE AI on June 5, 2026 at 20:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the AWS Advanced JDBC Wrapper to version 4.0.1 or later.
  • Ensure that the search path used by the wrapper's connections resolves only to trusted locations, and remove any reliance on the GlobalDatabasePlugin if it is not needed.
  • Audit and monitor for unexpected function creation or execution patterns within the database cluster.
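A defender-side check for the audit recommendation above, added here and not taken from OpenCVE or the AWS project. The page does not say which search path is involved, so this assumes the PostgreSQL schema `search_path`: an unqualified function name is resolved through the schemas in `search_path` in order, so a function created by a low-privilege role in a schema that PUBLIC may CREATE in can be selected ahead of the intended one. The role and schema names `app_user` and `app` in the last statement are placeholders.

```sql
-- Added example (not from OpenCVE or the AWS project). Assumes PostgreSQL's
-- schema search_path is the untrusted search path; run as the cluster's
-- master user (rds_superuser) on the Aurora PostgreSQL cluster.

-- 1. Which schemas on the current search_path allow PUBLIC to CREATE objects?
--    Any such schema lets a low-privilege role plant a function that an
--    unqualified call may resolve to before the intended function.
SELECT s.nspname AS schema,
       pg_catalog.pg_get_userbyid(s.nspowner) AS owner,
       pg_catalog.has_schema_privilege('public', s.oid, 'CREATE') AS public_can_create
FROM   pg_catalog.pg_namespace s
WHERE  s.nspname = ANY (pg_catalog.current_schemas(true))
ORDER  BY array_position(pg_catalog.current_schemas(true), s.nspname);

-- 2. Functions in those schemas whose owner is neither a superuser nor a
--    member of rds_superuser: review each one (drop the pg_has_role test
--    outside RDS, where the rds_superuser role does not exist).
SELECT n.nspname   AS schema,
       p.proname   AS function_name,
       pg_catalog.pg_get_function_identity_arguments(p.oid) AS args,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner,
       l.lanname   AS language,
       p.prosecdef AS security_definer
FROM   pg_catalog.pg_proc p
JOIN   pg_catalog.pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_catalog.pg_language  l ON l.oid = p.prolang
JOIN   pg_catalog.pg_roles     r ON r.oid = p.proowner
WHERE  n.nspname = ANY (pg_catalog.current_schemas(true))
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND  NOT r.rolsuper
  AND  NOT pg_catalog.pg_has_role(r.oid, 'rds_superuser', 'MEMBER')
ORDER  BY n.nspname, p.proname;

-- 3. Close the precondition: on PostgreSQL 14 and earlier the public schema
--    grants CREATE to PUBLIC by default, so revoke it.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 4. Pin search_path for the role the wrapper connects as, so the schemas
--    consulted first are trusted ones rather than user-writable ones.
ALTER ROLE app_user SET search_path = pg_catalog, app;  -- placeholder names
```

Query 2 lists legitimate application functions as well; the point is that every function in a schema the wrapper's connection searches should have a known owner and a reviewed body.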

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 19:30:00 +0000

Values added (no values removed):

Description: An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper. To remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1.
Title: Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL
First Time appeared: Aws; Aws aws Advanced Jdbc Wrapper
Weaknesses: CWE-426
CPEs: cpe:2.3:a:aws:aws_advanced_jdbc_wrapper:*:*:*:*:*:*:*:*
Vendors & Products: Aws; Aws aws Advanced Jdbc Wrapper
References: (none)
Metrics:
  cvssV3_1: {'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}
  cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Aws Aws Advanced Jdbc Wrapper
MITRE

Status: PUBLISHED

Assigner: AMZN

Published:

Updated: 2026-06-05T19:25:09.676Z

Reserved: 2026-06-05T16:33:49.970Z

Link: CVE-2026-11400

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-05T20:17:28.733

Modified: 2026-06-05T20:49:22.527

Link: CVE-2026-11400

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T20:45:04Z

Weaknesses