CVE-2026-35560 in Athena ODBC Driver
Resumen (Inglés)
Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena.
To remediate this issue, users should upgrade to version 2.1.0.0.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Responsable
AMZN
Reservar
2026-04-03
Divulgación
2026-04-04
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 355188 | Amazon Athena ODBC Driver autenticación débil | 295 | No está definido | Arreglo oficial | CVE-2026-35560 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV