Cyber Posture

CVE-2026-35558

Severity: High

Published: 03 April 2026

Modified: 14 April 2026
KEV Added: not listed
Patch: upgrade to 2.1.0.0
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (13.3rd percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-35558 is a high-severity Command Injection (CWE-77) vulnerability in the Amazon Athena ODBC driver. Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at the 13.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and 1 other technique.

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 (Flaw Remediation), prevent: directly mandates timely patching of known flaws such as this improper neutralization vulnerability in the Athena ODBC driver by upgrading to version 2.1.0.0.

SI-10 (Information Input Validation), prevent: requires validation and sanitization of information inputs, such as specially crafted connection parameters, to prevent command injection during authentication.

CM-11 (User-Installed Software), prevent: controls installation and use of user-installed software such as vulnerable ODBC drivers, prohibiting them or approving only patched versions. (The control identifier is the NIST 800-53 r5 control whose scope matches this description; the page lists only the description.)

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204 User Execution (tactic: Execution)
An adversary may rely upon specific actions by a user in order to gain execution.

Why these techniques?

The vulnerability in the client-side ODBC driver (CWE-77 command injection) allows arbitrary code execution when a user is tricked into authenticating with crafted connection parameters, which maps directly to T1203 (Exploitation for Client Execution) and T1204 (User Execution).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication. To remediate this issue, users should upgrade to version 2.1.0.0.

Deeper analysis

CVE-2026-35558 is a vulnerability involving improper neutralization of special elements, classified under CWE-77, in the authentication components of the Amazon Athena ODBC driver versions prior to 2.1.0.0. This flaw affects the driver used for connecting applications to Amazon Athena, a serverless query service, and was published on 2026-04-03. It enables potential exploitation through specially crafted connection parameters processed during user-initiated authentication, with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts.

An attacker with local access can exploit this vulnerability by tricking a user into initiating an authentication process with maliciously crafted connection parameters. No privileges are required (PR:N) and attack complexity is low (AC:L), but exploitation requires user interaction (UI:R), such as prompting the user to connect via a tampered configuration. Successful exploitation allows arbitrary code execution on the victim's system or redirection of authentication flows, potentially leading to unauthorized access or further compromise.

AWS advisories, including security bulletin 2026-013 and the Athena ODBC v2 driver release notes, recommend upgrading to version 2.1.0.0 as the primary mitigation. Patch downloads are available for Linux, macOS Intel, and macOS ARM architectures via official Athena endpoints.

Details

CWE(s): CWE-77 (Improper Neutralization of Special Elements used in a Command, "Command Injection")

Affected Products: Amazon Athena ODBC driver, versions ≤ 2.1.0.0 as listed (the NVD description above states that versions before 2.1.0.0 are affected and that 2.1.0.0 is the fixed release)

CVEs Like This One

CVE-2026-35562 (same product: Amazon Athena ODBC)
CVE-2026-35560 (same product: Amazon Athena ODBC)
CVE-2026-35561 (same product: Amazon Athena ODBC)
CVE-2026-5860 (same product: Apple macOS)
CVE-2026-7349 (same product: Apple macOS)
CVE-2026-0902 (same product: Apple macOS)
CVE-2026-3923 (same product: Apple macOS)
CVE-2025-11756 (same product: Apple macOS)
CVE-2025-23360 (same product: Apple macOS)
CVE-2026-3921 (same product: Apple macOS)

References