216.73.217.19

CVE-2026-5485

· Published 03/04/2026 21:17 · Modified 03/04/2026 21:17

Labels: CVE-2026-5485 2026-04-03CVE-2026-5485CWE-78ff89ba41-3aa1-4d27-914a-91399e9639e5

Essential information

Published
03/04/2026 21:17
Modified
03/04/2026 21:17
Author
Creator
CVSS
7.3 HIGH (v3) 7.3 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To remediate this issue, users should upgrade to version 2.0.5.1 or later.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
ff89ba41-3aa1-4d27-914a-91399e9639e5
NVD
View on NVD

Affected products (CPE)

ProductCPE
amazon / amazon athena odbc driver cpe:2.3:a:amazon:amazon_athena_odbc_driver:<2.0.5.1:*:*:*:*:*:*:*

References