PT-2026-30223 · Amazon · Amazon Athena Odbc Driver

Published

2026-04-03

Updated

2026-04-03

CVE-2026-5485

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection.

To remediate this issue, users should upgrade to version 2.0.5.1 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-5485

Affected Products

Amazon Athena Odbc Driver

PT-2026-30223 · Amazon · Amazon Athena Odbc Driver

CVE-2026-5485

Weakness Enumeration

Related Identifiers

Affected Products

References · 8