By weakness (CWE)

CWE-426: related vulnerabilities

CVEs classified under CWE-426. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-11401HIGH 8.0

    A privilege escalation flaw exists in the AWS Advanced Go Wrapper used to connect to Amazon Aurora PostgreSQL databases. A low-privileged, authenticated database user can craft a malicious function that executes when another user connects through the wrapper, allowing them to assume that user's privileges—potentially including rds_superuser access. This requires the attacker to have database credentials and user interaction (such as a targeted user initiating a connection), but once triggered, it grants near-complete database control to an unauthorized actor.