CVE-2026-35561CRITICAL 9.8EPSS p37.2%

CVE-2026-35561CVE-2026-35561

Description

Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.47% probability of exploitation · percentile 37.2% · 2026-06-19T12:03:05Z
Published2026-04-03
Last modified2026-04-14

Underlying weaknesses· 1

CWE-862

References

  1. https://aws.amazon.com/security/security-bulletins/2026-013-aws/
  2. https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html
  3. https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm
  4. https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg
  5. https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg
  6. https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi

1

TypeTargetConfidenceTier
WeaknessMissing Authorizationcwe-8620%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-8178
CVE
CVE-2026-35548
CVE
CVE-2026-8838
CVE
CVE-2026-21262
CVE
CVE-2025-12967
CVE
CVE-2025-53763
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.