Skip to main content

Issues with Amazon Athena ODBC Driver

Bulletin ID: 2026-013-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 04/3/2026 1:00 PM PST

Description:

The Amazon Athena ODBC driver implements standard ODBC application program interfaces (APIs). The ODBC driver provides access to Amazon Athena from any C/C++ application. The Amazon Athena ODBC driver provides 64-bit ODBC drivers for Windows, Linux and MAC operating systems.

We identified the following:

  • CVE-2026-5485: OS command injection in browser-based authentication component (Linux only, fixed in 2.0.5.1)
  • CVE-2026-35558: Improper neutralization of special elements in authentication components
  • CVE-2026-35559: Out-of-bounds write in query processing components
  • CVE-2026-35560: Improper certificate validation in identity provider connection components
  • CVE-2026-35561: Insufficient authentication security controls in browser-based authentication components
  • CVE-2026-35562: Allocation of resources without limits in parsing components

Impacted versions: CVE-2026-5485 was addressed in 2.0.5.1 (Linux only). The remaining five (CVE-2026-35558 through CVE-2026-35562) were addressed in version 2.1.0.0 and apply to all supported platforms

Resolution:

This issue has been addressed in Amazon Athena ODBC driver version 2.1.0.0. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.

Workarounds
No workaround is available.

Reference:

Windows - https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi
Linux - https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm
macOS 64-bit (ARM) - https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg
macOS 64-bit (Intel) - https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg

 

Please email aws-security@amazon.com with any security questions or concerns.