CVE-2026-8838
CriticalSummary
Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before version 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client.
Risk Assessment
The organization is at risk of arbitrary code execution, which could lead to data loss or compromise of client systems.
Recommendation
It is recommended to upgrade to version 2.1.14 to remediate this vulnerability.
Original NVD description (English source)
Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. To remediate this issue, users should upgrade to version 2.1.14.

