diff --git a/common/src/main/java/org/apache/drill/common/exceptions/UserException.java b/common/src/main/java/org/apache/drill/common/exceptions/UserException.java
index 550d2899cbb..fd0a3d9e230 100644
--- a/common/src/main/java/org/apache/drill/common/exceptions/UserException.java
+++ b/common/src/main/java/org/apache/drill/common/exceptions/UserException.java
@@ -23,6 +23,7 @@
 import java.io.File;
 import java.io.FileWriter;
 import java.lang.management.ManagementFactory;
+import java.util.Arrays;
 
 import org.apache.drill.exec.proto.CoordinationProtos;
 import org.apache.drill.exec.proto.CoordinationProtos.DrillbitEndpoint;
@@ -507,9 +508,16 @@ public Builder message(final String format, final Object... args) {
       // we can't replace the message of a user exception
       if (uex == null && format != null) {
         if (args.length == 0) {
+          // No arguments: treat the provided text as the full message.
           message = format;
         } else {
-          message = String.format(format, args);
+          // Avoid treating user-controlled input as a format string. Instead,
+          // append the argument values in a simple, predictable way.
+          StringBuilder sb = new StringBuilder(format);
+          sb.append(" [");
+          sb.append(Arrays.toString(args));
+          sb.append(']');
+          message = sb.toString();
         }
       }
       return this;