High severity7.4NVD Advisory· Published Apr 3, 2026· Updated Apr 14, 2026
CVE-2026-35560
CVE-2026-35560
Description
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena.
To remediate this issue, users should upgrade to version 2.1.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.1.0.0.0 up to but not including 2.1.0.0
Patches
Vulnerability mechanics
References
6- downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpmnvdPatchProduct
- downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkgnvdPatchProduct
- downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkgnvdPatchProduct
- downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msinvdPatchProduct
- aws.amazon.com/security/security-bulletins/2026-013-aws/nvdVendor Advisory
- docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.htmlnvdRelease Notes
News mentions
0No linked articles in our index yet.