JustAppSec
Severity: CRITICAL · CVSS 4.0 score: 9.1 · Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

CVE-2026-35560

Last updated Apr 03, 2026 · Published Apr 03, 2026


Description

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0.

Affected products

1 listed
  • Amazon:Amazon Athena ODBC driver

Mappings

CWE

CWE-295

CAPEC

CAPEC-94

CVE® content © MITRE Corporation. Licensed under the CVE Terms of Use.
