Insufficient Authentication Security in Amazon Athena ODBC Driver
CVE-2026-35561

9.1CRITICAL

Key Information:

Vendor

Amazon

Status
Amazon Athena Odbc Driver
Vendor
CVE Published:
3 April 2026

What is CVE-2026-35561?

The Amazon Athena ODBC driver prior to version 2.1.0.0 contains insufficient authentication security controls in its browser-based authentication components. This vulnerability may expose authentication sessions to threat actors, allowing them to potentially intercept or hijack these sessions due to inadequate security measures within the authentication flow. Users are advised to upgrade to version 2.1.0.0 to mitigate this risk and enhance the security of their authentication processes.

Affected Version(s)

Amazon Athena ODBC driver 2.1.0.0

References

https://downloads.athena.us-east-1.amazonaws.com/drivers/...
patch
https://downloads.athena.us-east-1.amazonaws.com/drivers/...
patch
https://downloads.athena.us-east-1.amazonaws.com/drivers/...
patch

CVSS V4

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.