HIGHCVE-2026-35558Published 2026-04-03Modified 2026-04-07CNA AMZN

CVE-2026-35558: Improper neutralization of special elements in authentication components in Amazon Athena ODBC driver

Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication. To remediate this issue, users should upgrade to version 2.1.0.0.

CVSS v4.0: 7.3
Severity: HIGH
Fixed in: 2.1.0.0
Affected Products: 1

Fix available

2.1.0.0

Patch commits

downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com

Affected packages

Amazon / Amazon Athena ODBC driver
Fixed in 2.1.0.0

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

aws.amazon.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
downloads.athena.us-east-1.amazonaws.com
docs.aws.amazon.com

Metrics

Fix available