Vulnerability Description
Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | Athena Odbc | < 2.1.0.0 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://aws.amazon.com/security/security-bulletins/2026-013-aws/Vendor Advisory
- https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.htmlRelease Notes
- https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmaPatchProduct
- https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/IntelPatchProduct
- https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/APatchProduct
- https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/APatchProduct
FAQ
What is CVE-2026-35559?
CVE-2026-35559 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by t...
How severe is CVE-2026-35559?
CVE-2026-35559 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-35559?
Check the references section above for vendor advisories and patch information. Affected products include: Amazon Athena Odbc, Apple Macos, Linux Linux Kernel, Microsoft Windows.