{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/aws-advanced-jdbc-wrapper-versions-3.0.0-through-4.0.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8,"id":"CVE-2026-11400"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["AWS Advanced JDBC Wrapper (versions 3.0.0 through 4.0.0)","Amazon Aurora PostgreSQL"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","vulnerability","cloud","aws","postgresql"],"_cs_type":"advisory","_cs_vendors":["Amazon"],"content_html":"\u003cp\u003eA critical privilege escalation vulnerability, tracked as CVE-2026-11400, has been identified in the AWS Advanced JDBC Wrapper when used with Amazon Aurora PostgreSQL instances. This issue affects versions of the wrapper from 3.0.0 up to, but not including, 4.0.1. The vulnerability allows an authenticated user with low privileges to create a specially crafted PostgreSQL function. When executed, this function can exploit the flaw in the JDBC Wrapper to run with the permissions of other Amazon Relational Database Service (RDS) users, specifically escalating to the \u003ccode\u003erds_superuser\u003c/code\u003e role. This grants the attacker full administrative control over the affected Aurora PostgreSQL database, posing a significant risk to data integrity, confidentiality, and availability. Defenders should prioritize patching and monitoring for unusual database activities, especially related to function creation and execution by low-privileged accounts.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated, low-privilege user connects to an affected Amazon Aurora PostgreSQL instance.\u003c/li\u003e\n\u003cli\u003eThe user leverages the vulnerability (CVE-2026-11400) in the AWS Advanced JDBC Wrapper.\u003c/li\u003e\n\u003cli\u003eThe user creates a specially crafted PostgreSQL function designed to exploit the wrapper's insecure handling of permissions.\u003c/li\u003e\n\u003cli\u003eUpon execution, the crafted function bypasses normal permission checks due to the vulnerability present in the AWS Advanced JDBC Wrapper.\u003c/li\u003e\n\u003cli\u003eThe function successfully executes with the elevated permissions of the \u003ccode\u003erds_superuser\u003c/code\u003e role.\u003c/li\u003e\n\u003cli\u003eThe attacker gains full administrative control over the Amazon Aurora PostgreSQL database instance, enabling access to all data and the ability to modify database configurations.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-11400 leads to complete compromise of the Amazon Aurora PostgreSQL database instance. An attacker can gain \u003ccode\u003erds_superuser\u003c/code\u003e privileges, allowing them to access, modify, or delete any data within the database. This includes sensitive customer information, critical application data, and database configurations. Such a breach can result in significant data loss, regulatory non-compliance, reputational damage, and disruption of services relying on the compromised database. The vulnerability affects any organization utilizing the AWS Advanced JDBC Wrapper with Amazon Aurora PostgreSQL in the specified vulnerable versions.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the AWS Advanced JDBC Wrapper to version 4.0.1 or newer to remediate CVE-2026-11400 immediately.\u003c/li\u003e\n\u003cli\u003eApply the recommended workaround by removing the public schema from the search path for your Amazon Aurora PostgreSQL instances.\u003c/li\u003e\n\u003cli\u003eReview PostgreSQL database logs for unusual function creation or execution activities, especially from low-privileged users, as these could indicate attempted exploitation of CVE-2026-11400.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-17T18:41:28Z","date_published":"2026-07-17T18:41:28Z","id":"https://feed.craftedsignal.io/briefs/2026-07-aws-jdbc-privesc/","summary":"A privilege escalation vulnerability (CVE-2026-11400) exists in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL, affecting versions 3.0.0 through 4.0.0. A low-privileged authenticated user can craft a function to execute with rds_superuser permissions.","title":"Privilege Escalation in AWS Advanced JDBC Wrapper for Aurora PostgreSQL","url":"https://feed.craftedsignal.io/briefs/2026-07-aws-jdbc-privesc/"}],"language":"en","title":"CraftedSignal Threat Feed - AWS Advanced JDBC Wrapper (Versions 3.0.0 Through 4.0.0)","version":"https://jsonfeed.org/version/1.1"}