CVE-2026-35561

Summary

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows.

To remediate this issue, users should upgrade to version 2.1.0.0.

Affected Software

VendorProductVersion RangeStatus
AmazonAmazon Athena ODBC driver2.1.0.0unaffected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References