High severity7.5NVD Advisory· Published Apr 3, 2026· Updated Apr 14, 2026

CVE-2026-35562

Description

Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations.

To remediate this issue, users should upgrade to version 2.1.0.0.

Affected products

Amazon (company)/Athena Odbc
cpe:2.3:a:amazon:athena_odbc:*:*:*:*:*:*:*:*
Range: <2.1.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpmnvdPatch
downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkgnvdPatch
downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkgnvdPatch
downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msinvdPatch
aws.amazon.com/security/security-bulletins/2026-013-aws/nvdVendor Advisory
docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.htmlnvdRelease Notes

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000