OS Command Injection in Amazon Athena ODBC Driver < 2.0.5.1 (Linux)
CVE-2026-5485 Published on April 3, 2026

OS command injection in Amazon Athena ODBC driver on Linux
OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To remediate this issue, users should upgrade to version 2.0.5.1 or later.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-5485 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Shell injection Vulnerability?

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE-2026-5485 has been classified to as a Shell injection vulnerability or weakness.

Affected Versions

Amazon Athena ODBC driver Version 2.0.5.1 is unaffected by CVE-2026-5485

OS Command Injection in Amazon Athena ODBC Driver < 2.0.5.1 (Linux)CVE-2026-5485 Published on April 3, 2026

Vulnerability Analysis

Weakness Type

What is a Shell injection Vulnerability?

Affected Versions

OS Command Injection in Amazon Athena ODBC Driver < 2.0.5.1 (Linux)
CVE-2026-5485 Published on April 3, 2026