Amazon Athena ODBC Driver OS Command Injection Vulnerability in Browser-Based Authentication Component

Vulnerability

A command injection vulnerability has been identified in the Amazon Athena ODBC driver version 2.0.5.1 prior to 2.0.5.1 on Linux. This vulnerability resides in the browser-based authentication component and could allow a threat actor to execute arbitrary code. The issue arises from improper handling of connection parameters, which can be manipulated and loaded by the driver during user-initiated connections.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands, allowing for arbitrary code execution on the affected system.

Remediation

Users should upgrade to the Amazon Athena ODBC driver version 2.1.0.0 or later. The updated driver can be downloaded from the AWS Athena ODBC 2.x driver release notes page.
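
Because the flaw is reached through connection parameters that the driver loads, DSN definitions on Linux hosts are worth reviewing alongside the upgrade. The following Python check is an added example, not AWS or driver code. It assumes unixODBC-style odbc.ini files, a driver path containing "athena", and a heuristic set of shell constructs; the sample DSNs, paths and parameter keys are constructed placeholders, not real driver settings.

```python
import configparser
import os
import re

# Heuristic (assumption): shell constructs with no legitimate place in a DSN value.
SHELL_META = re.compile(r"[`;|<>]|\$\(|\$\{|&&")

# Constructed sample odbc.ini; DSN names, paths and keys are placeholders.
SAMPLE_ODBC_INI = """\
[ODBC Data Sources]
athena_prod = Athena
athena_shared = Athena

[athena_prod]
Driver = /opt/example/athena-odbc/lib/libathena-odbc.so
ExampleLoginUrl = https://idp.example.com/sso?app=athena&tenant=1

[athena_shared]
Driver = /opt/example/athena-odbc/lib/libathena-odbc.so
ExampleLoginUrl = https://idp.example.com/sso$(example-command)

[warehouse]
Driver = /usr/lib/psqlodbcw.so
Servername = db.example.com; not-an-athena-dsn
"""

def audit_odbc_ini(text, driver_hint="athena"):
    """Return (dsn, key, value) for suspicious values in DSNs using the hinted driver."""
    parser = configparser.RawConfigParser(strict=False)  # keys are lower-cased
    parser.read_string(text)
    findings = []
    for dsn in parser.sections():
        driver = parser.get(dsn, "driver", fallback="")
        if driver_hint not in driver.lower():
            continue  # not an Athena DSN, or not a DSN section at all
        for key, value in parser.items(dsn):
            if key != "driver" and SHELL_META.search(value):
                findings.append((dsn, key, value))
    return findings

if __name__ == "__main__":
    print("sample:", audit_odbc_ini(SAMPLE_ODBC_INI))
    # Default unixODBC locations; other locations can be set via ODBCINI.
    for path in ("/etc/odbc.ini", os.path.expanduser("~/.odbc.ini")):
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                for hit in audit_odbc_ini(fh.read()):
                    print(path, hit)
```

A finding is a prompt for manual review of who wrote the DSN, not proof of compromise; an empty result does not replace upgrading to 2.1.0.0 or later.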

Added: Apr 3, 2026, 9:19 PM
Updated: Apr 3, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.8
remediation: 0.0
relevance: 5.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.