Authentication Flaw in Amazon Athena ODBC Driver Exposes Users to Code Execution
CVE-2026-35558

7.3HIGH

Key Information:

Vendor

Amazon

Status
Amazon Athena Odbc Driver
Vendor
CVE Published:
3 April 2026

What is CVE-2026-35558?

The Amazon Athena ODBC driver, prior to version 2.1.0.0, contains an authentication vulnerability that arises from improper handling of special elements in its components. This flaw could potentially enable a threat actor to execute arbitrary code or manipulate authentication flows by leveraging specially crafted connection parameters during user-authentication processes. To protect against this security risk, users are strongly encouraged to upgrade to version 2.1.0.0 or later.

Affected Version(s)

Amazon Athena ODBC driver 2.1.0.0

References

https://aws.amazon.com/security/security-bulletins/2026-0...
vendor-advisory
https://downloads.athena.us-east-1.amazonaws.com/drivers/...
patch
https://downloads.athena.us-east-1.amazonaws.com/drivers/...
patch

CVSS V4

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.