CVE-2026-35561

CRITICAL9.1

Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver

Published Apr 3, 2026

Modified 5 days ago

Details

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows.

To remediate this issue, users should upgrade to version 2.1.0.0.

References

ADVISORY

https://aws.amazon.com/security/security-bulletins/2026-013-aws/

WEB

https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html

FIX

https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm

FIX

https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg

FIX

https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg