SQL Injection Vulnerability in Amazon Athena Query Federation by AWS
CVE-2026-12283
6.1MEDIUM
What is CVE-2026-12283?
The Synapse connector in Amazon Athena's query federation feature is susceptible to an SQL injection vulnerability due to improper handling of special characters in SQL commands. An authenticated remote user could exploit this vulnerability by crafting malicious table names, enabling the execution of unauthorized read-only SQL queries. These queries could yield sensitive data from connected databases, including sources such as DynamoDB and Azure Synapse. To mitigate this risk, users are advised to update to version v2026.21.1 or later.
Affected Version(s)
aws-athena-query-federation v2022.20.1
