Skip to main content

Amazon Athena Odbc Driver CVE-2026-35558

| EUVDEUVD-2026-18851 HIGH
Command Injection (CWE-77)
2026-04-03 AMZN
7.3
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Apr 03, 2026 - 20:45 euvd
EUVD-2026-18851
Analysis Generated
Apr 03, 2026 - 20:45 vuln.today
Patch released
Apr 03, 2026 - 20:45 nvd
Patch available
CVE Published
Apr 03, 2026 - 20:15 nvd
HIGH 7.3

DescriptionCVE.org

Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication.

To remediate this issue, users should upgrade to version 2.1.0.0.

AnalysisAI

Command injection in Amazon Athena ODBC driver versions prior to 2.1.0.0 allows local attackers to execute arbitrary code or hijack authentication flows through malicious connection parameters during user-initiated database connections. With a CVSS 7.3 rating, the vulnerability requires user interaction but no authentication (CVSS:4.0 AV:L/PR:N/UI:P), enabling high impact to confidentiality, integrity, and availability on the local system. Vendor-released patches are available across all platforms (Windows, Linux, macOS). No public exploit or active exploitation confirmed at time of analysis, though EPSS data not available for risk calibration.

Technical ContextAI

This vulnerability affects the authentication components of Amazon Athena ODBC driver, a database connectivity interface allowing applications to query Amazon Athena using the Open Database Connectivity standard. The root cause is CWE-77 (Improper Neutralization of Special Elements used in a Command), commonly known as command injection. The driver fails to properly sanitize connection parameters supplied during authentication setup, allowing specially crafted input strings to be interpreted as executable commands rather than data. ODBC drivers typically parse Data Source Name (DSN) strings and connection attributes that can include server addresses, authentication credentials, and driver-specific parameters-any of which could serve as injection vectors if not properly validated. The affected product is identified by CPE cpe:2.3:a:amazon:amazon_athena_odbc_driver:*:*:*:*:*:*:*:* covering all versions before 2.1.0.0 across Windows, Linux, and macOS platforms.

RemediationAI

Upgrade immediately to Amazon Athena ODBC driver version 2.1.0.0, which contains fixes for the command injection vulnerability. Platform-specific installation packages are available directly from AWS: Windows users should install AmazonAthenaODBC-2.1.0.0.msi from https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi; Linux administrators should deploy the RPM from https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm; macOS ARM systems require https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg while Intel Macs need https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg. Until patching is complete, organizations should restrict connection string sources to trusted administrative channels, avoid accepting DSN configurations from untrusted users or files, and implement application-layer validation of connection parameters. Review audit logs for suspicious authentication attempts or unusual connection patterns that might indicate exploitation attempts. No effective workaround exists that maintains full functionality while eliminating risk.

Share

CVE-2026-35558 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy