CVE-2026-35560 HIGH

CVE-2026-35560: Improper certificate validation in identity provider connection components in Amazon Athena ODBC driver

Weakness: CWE-295
Published: April 3, 2026
Last update: April 7, 2026

CVSS base score

7.4/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01 Description

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0.

Key dates

02 Disclosure timeline

April 3, 2026: CVE published
April 7, 2026: Record updated