Improper Certificate Validation in Amazon Athena ODBC Driver
CVE-2026-35560

9.1CRITICAL

Key Information:

Vendor

Amazon

Status
Amazon Athena Odbc Driver
Vendor
CVE Published:
3 April 2026

What is CVE-2026-35560?

An improper certificate validation issue in the identity provider connection components of the Amazon Athena ODBC driver prior to version 2.1.0.0 can expose users to man-in-the-middle attacks. This vulnerability allows attackers to potentially intercept authentication credentials due to inadequate transport security measures during connections with external identity providers. It is crucial for users to upgrade to version 2.1.0.0 to mitigate this risk.

Affected Version(s)

Amazon Athena ODBC driver 2.1.0.0

References

https://downloads.athena.us-east-1.amazonaws.com/drivers/...
patch
https://downloads.athena.us-east-1.amazonaws.com/drivers/...
patch
https://downloads.athena.us-east-1.amazonaws.com/drivers/...
patch

CVSS V4

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.