cbcvebase.

Amazon Athena Odbc vulnerabilities

6 known vulnerabilities affecting amazon/athena_odbc.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2026-35561P2CRITICALCVSS 9.8fixed in 2.1.0.02026-04-03
CVE-2026-35561 [CRITICAL] CWE-862 CVE-2026-35561: Insufficient authentication security controls in the browser-based authentication components in Amaz Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0
nvd
CVE-2026-5485P3HIGHCVSS 7.8fixed in 2.0.5.12026-04-03
CVE-2026-5485 [HIGH] CWE-78 CVE-2026-5485: OS command injection in the browser-based authentication component in Amazon Athena ODBC driver befo OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To remediate this issue, users should upgrade to version 2.0.
nvd
CVE-2026-35558P3HIGHCVSS 7.8fixed in 2.1.0.02026-04-03
CVE-2026-35558 [HIGH] CWE-77 CVE-2026-35558: Improper neutralization of special elements in the authentication components in Amazon Athena ODBC d Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication. To remediate this issue, u
nvd
CVE-2026-35562P3HIGHCVSS 7.5fixed in 2.1.0.02026-04-03
CVE-2026-35562 [HIGH] CWE-770 CVE-2026-35562: Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this issue, users should upgrade to version 2.1.0.0.
nvd
CVE-2026-35559P4MEDIUMCVSS 6.5fixed in 2.1.0.02026-04-03
CVE-2026-35559 [MEDIUM] CWE-787 CVE-2026-35559: Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 m Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0.
nvd
CVE-2026-35560P4MEDIUMCVSS 5.9fixed in 2.1.0.02026-04-03
CVE-2026-35560 [MEDIUM] CWE-295 CVE-2026-35560: Improper certificate validation in the identity provider connection components in Amazon Athena ODBC Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity p
nvd
Amazon Athena Odbc vulnerabilities | cvebase