Tag

Athena

4 briefs RSS

Amazon Athena ODBC Driver OS Command Injection Vulnerability (CVE-2026-5485)

A critical OS command injection vulnerability (CVE-2026-5485) in the Amazon Athena ODBC driver before 2.0.5.1 for Linux allows local attackers to execute arbitrary code via specially crafted connection parameters.

cve-2026-5485 command injection athena odbc linux

2r 1t 1c Apr 4, 2026

high advisory

Amazon Athena ODBC Driver Man-in-the-Middle Vulnerability

2 rules 1 TTP 1 CVE

A man-in-the-middle vulnerability exists in Amazon Athena ODBC driver versions prior to 2.1.0.0 due to improper certificate validation, potentially allowing attackers to intercept authentication credentials when connecting to external identity providers.

cve-2026-35560 athena odbc man-in-the-middle mitm credential-theft

2r 1t 1c Apr 3, 2026

high advisory

Amazon Athena ODBC Driver Authentication Bypass Vulnerability (CVE-2026-35561)

2 rules 2 TTPs 1 CVE

CVE-2026-35561 describes an insufficient authentication security control vulnerability in the browser-based authentication components of the Amazon Athena ODBC driver before version 2.1.0.0, potentially allowing a threat actor to intercept or hijack authentication sessions.

amazon athena odbc authentication hijacking cve-2026-35561

2r 2t 1c Apr 3, 2026

high advisory

Amazon Athena ODBC Driver Command Injection Vulnerability (CVE-2026-35558)

2 rules 2 TTPs 1 CVE

A command injection vulnerability (CVE-2026-35558) exists in the Amazon Athena ODBC driver before 2.1.0.0 due to improper neutralization of special elements in connection parameters, potentially leading to arbitrary code execution or authentication redirection.

command injection cve-2026-35558 athena

2r 2t 1c Apr 3, 2026