This page lists publicly disclosed CVE vulnerabilities affecting amazon athena_odbc (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-5485 | OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To remediate this issue, users should upgrade to version 2.0.5.1 or later. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.3 | 0.73% | 2026-04-03 | 2026-06-17 |
| CVE-2026-35562 | Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this issue, users should upgrade to version 2.1.0.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 8.7 | 0.38% | 2026-04-03 | 2026-06-17 |
| CVE-2026-35561 | Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 9.1 | 0.47% | 2026-04-03 | 2026-06-17 |
| CVE-2026-35560 | Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 9.1 | 0.26% | 2026-04-03 | 2026-06-17 |
| CVE-2026-35559 | Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.1 | 0.27% | 2026-04-03 | 2026-06-17 |
| CVE-2026-35558 | Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication. To remediate this issue, users should upgrade to version 2.1.0.0. | ff89ba41-3aa1-4d27-914a-91399e9639e5 | 7.3 | 0.27% | 2026-04-03 | 2026-06-17 |