Cyber Resilience

CVE-2026-5485

High

Published: 03 April 2026

Modified: 14 April 2026
KEV Added
Patch
CVSS v4 Score: 7.3
CVSS v4 Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0012 (30.2th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-5485 is a high-severity OS Command Injection (CWE-78) vulnerability in the Amazon Athena ODBC driver. Its CVSS v4 base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks at the 30.2th percentile by exploit likelihood (EPSS), which is below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5485 is an OS command injection vulnerability (CWE-78) in the browser-based authentication component of the Amazon Athena ODBC driver for Linux, affecting versions prior to 2.0.5.1. The flaw arises when the driver processes specially crafted connection parameters during a local user-initiated connection, potentially enabling arbitrary code execution. Published on April 3, 2026, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts with local access required.

A local threat actor can exploit this vulnerability by tricking a user into initiating a connection with malicious parameters, such as through a controlled data source or configuration file. No privileges are needed (PR:N), but user interaction is required (UI:R), typically involving launching the driver in a browser-based authentication flow. Successful exploitation allows arbitrary OS command execution with the privileges of the local user running the driver.

AWS advisories recommend upgrading to Amazon Athena ODBC driver version 2.0.5.1 or later to remediate the issue, with release notes and updated Linux packages available via official download links. The AWS security bulletin details the vulnerability and patch availability.

Vulnerability details

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To remediate this issue, users should upgrade to version 2.0.5.1 or later.

CWE(s)

CWE-78: OS Command Injection

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (Tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1059.004 Unix Shell (Tactic: Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

OS command injection in the client-side ODBC driver enables arbitrary code execution on Linux via crafted local connection parameters, which maps directly to client application exploitation and Unix shell command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-33230 - Same product: Linux Linux Kernel
CVE-2025-33206 - Same product: Linux Linux Kernel
CVE-2025-9588 - Same product: Linux Linux Kernel
CVE-2026-31709 - Same product: Linux Linux Kernel
CVE-2026-35558 - Same product: Amazon Athena Odbc
CVE-2026-31607 - Same product: Linux Linux Kernel
CVE-2026-31613 - Same product: Linux Linux Kernel
CVE-2026-31435 - Same product: Linux Linux Kernel
CVE-2026-40032 - Shared CWE-78
CVE-2026-6849 - Shared CWE-78

Affected Assets

Vendor: amazon
Product: athena odbc
Affected versions: ≤ 2.0.5.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Requires timely remediation of the OS command injection flaw by upgrading the Amazon Athena ODBC driver to version 2.0.5.1 or later.

Prevent: Mandates validation and sanitization of connection parameters to block specially crafted inputs that enable OS command injection.

Prevent: Implements memory protections like non-executable memory regions to mitigate arbitrary code execution even if command injection occurs.
