CVE-2026-35560 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threa…
Critical CVSS: 9.1

CVE-2026-35560

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena.

To remediate this issue, users should upgrade to version 2.1.0.0.
Vendor
-
Product
-
CWE
CWE-295
Yayın Tarihi
2026-04-03 21:17:12
Güncelleme
2026-04-07 13:20:55
Source Identifier
ff89ba41-3aa1-4d27-914a-91399e9639e5
KEV Date Added
-

Kategoriler

CWE-295 CRITICAL 2026

Referanslar

https://aws.amazon.com/security/security-bulletins/2026-013-aws/ https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi