VYPR
High severity7.4NVD Advisory· Published Apr 3, 2026· Updated Apr 14, 2026

CVE-2026-35560

CVE-2026-35560

Description

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena.

To remediate this issue, users should upgrade to version 2.1.0.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.