CVE-2026-35558

HIGH

Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication. To remediate this issue, users should upgrade to version 2.1.0.0.

CVSS v3.1 Score

7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Complexity
LOW
Privileges
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 4/3/2026Modified: 4/14/2026

Related Intelligence (1)

LOWVulnerability

Issues with Amazon Athena ODBC Driver

<p><b>Bulletin ID:</b> 2026-013-AWS<br> <b>Scope:</b> AWS<br> <b>Content Type:</b> Important (requires attention)<br> <b>Publication Date:</b> 2026/04/03 13:00 PM PDT</p> <p><b>Description:</b></p> <p>The Amazon Athena ODBC driver implements standard ODBC application program interfaces (APIs). The ODBC driver provides access to Amazon Athena from any C/C++ application. The Amazon Athena ODBC drive

CVE-2026-5485CVE-2026-35558
AWS Security Bulletins

References (6)

https://aws.amazon.com/security/security-bulletins/2026-013-aws/Vendor Advisoryhttps://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.htmlRelease Noteshttps://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpmPatchProducthttps://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkgPatchProducthttps://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkgPatchProducthttps://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msiPatchProduct