CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0.
Analysis
Browser-based authentication session hijacking in Amazon Athena ODBC driver versions prior to 2.1.0.0 allows remote unauthenticated attackers to intercept authentication sessions, potentially compromising confidentiality and integrity of database access. The vulnerability stems from insufficient authentication security controls (CWE-862) in browser-based authentication flows. …
Remediation
Within 24 hours: Inventory all systems running Amazon Athena ODBC driver and identify current versions in use. Within 7 days: Test and deploy Athena ODBC driver version 2.1.0.0 or later across Windows, Linux, and macOS environments; prioritize production systems. …
EUVD-2026-18857