cvedb.io
CVE-2026-35560
HIGH · CVSS 7.4
EPSS exploitation probability: 0%
Published 2026-04-03T21:17:12.073 · Last modified 2026-06-17T10:40:46.757

Summary

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0.

Affected products

amazon — athena_odbc

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.