Amazon Athena ODBC Driver <2.1.0.0: Brows Auth Hijack
CVE-2026-35561 Published on April 3, 2026

Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver
Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-35561 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-35561 has been classified to as an AuthZ vulnerability or weakness.


Affected Versions

Amazon Athena ODBC driver Version 2.1.0.0 is unaffected by CVE-2026-35561