CVE-2026-11401: CWE-426: Untrusted Search Path in AWS AWS Advanced Go Wrapper
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through the affected wrapper. To remediate this issue, users should upgrade to the AWS Advanced Go Wrapper release 2026-05-26.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-11401) is classified as CWE-426 (Untrusted Search Path) and affects the GlobalDatabasePlugin of the AWS Advanced Go Wrapper, a client-side driver wrapper used by Go applications that connect to Amazon Aurora PostgreSQL. The flaw allows a remote, authenticated, low-privilege database user to obtain the privileges of another RDS user, including roles that belong to rds_superuser. The attacker first creates a crafted function in the cluster; that function is executed when the targeted user later connects through the vulnerable wrapper, so it runs with the connecting user's privileges rather than the attacker's. In PostgreSQL, CWE-426 normally means that an object is referenced by an unqualified name and resolved through the session's search_path, so a function placed in a schema that is consulted before the intended one is silently selected instead. The advisory does not state which statement the plugin issues on connect, so the exact call site is not documented here. The CVSS 3.1 base score is 8.0 (High): network attack vector, low attack complexity, low privileges required, and user interaction required, where the interaction is the victim connecting through the affected wrapper. Although the CVE record flags the issue as relating to a cloud service, the vulnerable code lives in the wrapper library shipped with the application, and AWS has published a fixed release dated 2026-05-26 that users must adopt.
Potential Impact
Successful exploitation enables a remote, authenticated, low-privilege user to obtain the privileges of another Amazon RDS user, up to and including the rds_superuser role, at the moment that user connects through the affected wrapper. Because the attacker's function runs inside the victim's session, it can do anything the victim is permitted to do; for a role in rds_superuser that amounts to administrative control over the database cluster, compromising the confidentiality, integrity, and availability of the data it holds.
Mitigation Recommendations
AWS has released an updated version of the AWS Advanced Go Wrapper dated 2026-05-26 that addresses this vulnerability; upgrade to this fixed release. The CVE record marks the issue as a cloud service, but the wrapper is a library compiled into the applications that use it, so the fix is applied by updating the dependency and redeploying every application that connects to Aurora PostgreSQL through the wrapper; a server-side change by AWS cannot close a client-side weakness. Inventory affected applications by searching their go.mod files for the wrapper module. While the upgrade is rolled out, standard PostgreSQL hardening against search_path abuse is a sensible defense in depth even though the advisory does not list it: revoke CREATE on shared schemas such as public from low-privilege roles (the default on PostgreSQL 15 and later), pin search_path for privileged roles to trusted schemas only, and audit functions that low-privilege roles have created in schemas that other roles resolve through. Refer to the official AWS security bulletin at https://aws.amazon.com/security/security-bulletins/2026-039-aws/ for detailed guidance and confirmation of patch status.
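The following SQL is an added illustration, not code from the advisory, from AWS, or from the wrapper's source. It shows the CWE-426 pattern described in the Technical Summary as it manifests in PostgreSQL (an unqualified function name resolved through search_path, so a same-named function in an earlier, attacker-writable schema runs with the caller's privileges), followed by the hardening and audit steps mentioned under Mitigation Recommendations. The schema, role and function names (app_internal, public, app_admin, low_priv, helper_version) and the victim role's search_path are assumptions made for the example; the advisory does not say which function the GlobalDatabasePlugin calls on connect, and the shadow function here is deliberately harmless.

```sql
-- Constructed example, not code from the AWS advisory or the wrapper project.
-- Assumed names: schema app_internal (trusted), role app_admin (victim, member of
-- rds_superuser), role low_priv (attacker), function helper_version().
-- The statement the GlobalDatabasePlugin actually runs on connect is not on the page.

------------------------------------------------------------------------------
-- 1. The weakness: an unqualified name resolved through search_path
------------------------------------------------------------------------------
-- Typical default is "$user", public. Before PostgreSQL 15 every role may CREATE
-- in public, so public is an attacker-writable schema that is searched before
-- app_internal when app_admin's search_path is "$user", public, app_internal.
SHOW search_path;

-- Run as the owner of app_internal: the trusted function a connection-time hook
-- is meant to call.
CREATE FUNCTION app_internal.helper_version() RETURNS text
LANGUAGE sql AS $$ SELECT 'trusted'::text $$;

-- Run as low_priv: a same-named, same-signature function in a schema that is
-- searched first. SECURITY INVOKER (the default) means it executes with the
-- CALLER's privileges, which is how a low-privilege author gains app_admin's rights.
CREATE FUNCTION public.helper_version() RETURNS text
LANGUAGE plpgsql AS $$
BEGIN
  -- A hostile body would do privileged work here; this one only reports who ran it.
  RETURN 'shadowed, executed as ' || current_user;
END;
$$;

-- Run as app_admin: the unqualified call resolves to public.helper_version(),
-- the schema-qualified call to the trusted app_internal.helper_version().
SELECT helper_version();
SELECT app_internal.helper_version();

------------------------------------------------------------------------------
-- 2. Hardening: take the untrusted schema out of the lookup entirely
------------------------------------------------------------------------------
-- (a) Pin the privileged role's search_path to trusted schemas, with pg_catalog
--     named explicitly first so nothing can be placed ahead of it.
ALTER ROLE app_admin SET search_path = pg_catalog, app_internal;

-- (b) Code that runs on behalf of another role schema-qualifies every reference;
--     with (a) in place an unqualified helper_version() that exists only in
--     public now fails instead of silently resolving there.
SELECT app_internal.helper_version();

-- (c) Stop low-privilege roles from creating objects in shared schemas at all
--     (PostgreSQL 15 and later already ship public this way).
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

------------------------------------------------------------------------------
-- 3. Audit: functions living in schemas that PUBLIC can still create in
------------------------------------------------------------------------------
-- Every row owned by a role that has no business defining code in that schema is
-- a candidate shadow function. pg_proc records no creation time, so compare the
-- result against a known-good inventory or filter on the owners you expect.
SELECT n.nspname   AS schema,
       p.proname   AS function,
       pg_catalog.pg_get_function_identity_arguments(p.oid) AS args,
       r.rolname   AS owner,
       p.prosecdef AS security_definer
FROM   pg_catalog.pg_proc p
JOIN   pg_catalog.pg_namespace n ON n.oid = p.pronamespace
JOIN   pg_catalog.pg_roles     r ON r.oid = p.proowner
WHERE  n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND  n.nspname NOT LIKE 'pg\_%'
  AND  pg_catalog.has_schema_privilege('public', n.oid, 'CREATE')
ORDER  BY 1, 2;
```

Run section 1 as the roles indicated in the comments to see the difference in resolution, section 2 as a role allowed to alter app_admin and the public schema, and section 3 anywhere: it is read-only. On Aurora and RDS, rds_superuser is not a PostgreSQL superuser (pg_roles.rolsuper is false for it), so do not try to whitelist legitimate functions in the audit by filtering on rolsuper; filter on the owner roles your deployment actually uses.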
CVSS v3.1
Score: 8.0 (High)
Weaknesses
CWE-426: Untrusted Search Path
Technical Details
- Data Version: 5.2
- Assigner Short Name: AMZN
- Date Reserved: 2026-06-05T16:33:50.490Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: not specified
- Is Cloud Service: true
- Vendor Advisory URLs: https://aws.amazon.com/security/security-bulletins/2026-039-aws/ (AWS)
Threat ID: 6a232492e29bf47b50b16f51
Added to database: 6/5/2026, 7:33:38 PM
Last enriched: 6/5/2026, 7:48:54 PM
Last updated: 6/6/2026, 4:01:21 AM