CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-5485

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: 2026-013-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/03 13:00 PM PDT Description: The Amazon Athena ODBC driver implements standard ODBC application program interfaces (APIs). The ODBC driver provides access to Amazon Athena from any C/C++ application. The Amazon Athena ODBC driver provides 64-bit ODBC drivers for Windows, Linux and MAC operating systems. We identified the following: - CVE-2026-5485: OS command injection in browser-based authentication component (Linux only, fixed in 2.0.5.1) - CVE-2026-35558: Improper neutralization of special elements in authentication components - CVE-2026-35559: Out-of-bounds write in query processing components - CVE-2026-35560: Improper certificate validation in identity provider connection components - CVE-2026-35561: Insufficient authentication security controls in browser-based authentication components - CVE-2026-35562: Allocation of resources without limits in parsing components Impacted versions: CVE-2026-5485 was addressed in 2.0.5.1 (Linux only). The remaining five (CVE-2026-35558 through CVE-2026-35562) were addressed in version 2.1.0.0 and apply to all supported platforms Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.

CSIRTS triage

What
Multiple vulnerabilities including OS command injection and improper certificate validation have been identified.
Who is affected
Users of the Amazon Athena ODBC driver on Linux and other operating systems.
Urgency
Remediation is critical due to the presence of command injection vulnerabilities.
Action
Upgrade to version 2.0.5.1 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-5485

Get an email if CVE-2026-5485 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-5485

CVE.org record

Embed the live status

CVE-2026-5485 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-5485 status](https://www.csirts.com/badge/CVE-2026-5485)](https://www.csirts.com/cve/CVE-2026-5485)