Skip to main content

Amazon Athena Odbc Driver CVE-2026-35562

| EUVDEUVD-2026-18859 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-04-03 AMZN
8.7
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Apr 03, 2026 - 20:45 euvd
EUVD-2026-18859
Analysis Generated
Apr 03, 2026 - 20:45 vuln.today
Patch released
Apr 03, 2026 - 20:45 nvd
Patch available
CVE Published
Apr 03, 2026 - 20:10 nvd
HIGH 8.7

DescriptionCVE.org

Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations.

To remediate this issue, users should upgrade to version 2.1.0.0.

AnalysisAI

Resource exhaustion in Amazon Athena ODBC driver versions prior to 2.1.0.0 allows unauthenticated remote attackers to trigger denial of service through maliciously crafted input that overwhelms parsing logic. CVSS 7.5 (High) reflects network-accessible attack vector with low complexity and no prerequisites. EPSS data not provided, but no public exploit or CISA KEV listing identified at time of analysis. Amazon has released patches for Windows, Linux, and macOS platforms.

Technical ContextAI

The vulnerability resides in the parsing components of the Amazon Athena ODBC driver, which provides database connectivity for SQL queries against AWS Athena. CWE-770 (Allocation of Resources Without Limits or Throttling) indicates missing resource constraints during input processing operations. ODBC drivers parse connection strings, SQL statements, and result sets-any of these could be attack vectors if the driver fails to implement bounds checking, memory limits, or rate throttling during parsing. The affected component is cpe:2.3:a:amazon:amazon_athena_odbc_driver versions before 2.1.0.0, spanning Windows, Linux, and macOS platforms. Without proper resource governance, attackers can submit specially crafted ODBC requests that cause unbounded memory allocation, CPU consumption, or connection exhaustion, rendering the driver or dependent applications unresponsive.

RemediationAI

Upgrade to Amazon Athena ODBC driver version 2.1.0.0 immediately. Amazon provides platform-specific installers: Windows users should deploy AmazonAthenaODBC-2.1.0.0.msi from https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi, Linux administrators should install AmazonAthenaODBC-2.1.0.0.rpm from the Linux directory, and macOS users should use either AmazonAthenaODBC-2.1.0.0_arm.pkg (Apple Silicon) or AmazonAthenaODBC-2.1.0.0_x86.pkg (Intel processors). Consult AWS security bulletin 2026-013-aws at https://aws.amazon.com/security/security-bulletins/2026-013-aws/ for additional deployment guidance and driver release notes at https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html. No workarounds are documented; direct upgrade is the recommended mitigation. After installation, verify the driver version reports 2.1.0.0 or later through ODBC administrator tools or application connection diagnostics.

Share

CVE-2026-35562 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy