CVE-2026-5485 | Amazon Athena ODBC Driver prior 2.0.5.1 on Linux Browser-based Authentication os command injection

VDB-355205 · CVE-2026-5485 · EUVD-2026-18861 AMAZON ATHENA ODBC DRIVER PRIOR 2.0.5.1 ON LINUX BROWSER-BASED AUTHENTICATION OS COMMAND INJECTION HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 6.4 $0-$5k 0.77+ Summaryinfo A vulnerability marked as critical has been reported in Amazon Athena ODBC Driver on Linux. This issue affects some unknown processing of the component Browser-based Authentication. The manipulation leads to os command injection. This vulnerability is referenced as CVE-2026-5485. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component. Detailsinfo A vulnerability, which was classified as critical, has been found in Amazon Athena ODBC Driver on Linux. This issue affects an unknown code of the component Browser-based Authentication. The manipulation with an unknown input leads to a os command injection vulnerability. Using CWE to declare the problem leads to CWE-78. The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability. The summary by CVE is: OS command injection in the browser-based authentication component in Amazon Athena ODBC driver before 2.0.5.1 on Linux might allow a threat actor to execute arbitrary code by using specially crafted connection parameters that are loaded by the driver during a local user-initiated connection. To remediate this issue, users should upgrade to version 2.0.5.1 or later. The advisory is shared at aws.amazon.com. The identification of this vulnerability is CVE-2026-5485 since 04/03/2026. The exploitation is known to be easy. An attack has to be approached locally. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1202 for this issue. Upgrading to version 2.0.5.1 eliminates this vulnerability. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2026-18861). Productinfo Type Hardware Driver Software Vendor Amazon Name Athena ODBC Driver License commercial CPE 2.3info 🔒 CPE 2.2info 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA CVSS-B Score: 🔒 CNA CVSS-BT Score: 🔒 CNA Vector: 🔒 CVSSv3info VulDB Meta Base Score: 6.5 VulDB Meta Temp Score: 6.4 VulDB Base Score: 5.3 VulDB Temp Score: 5.1 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 7.8 CNA Vector (AMZN): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Os command injection CWE: CWE-78 / CWE-77 / CWE-74 CAPEC: 🔒 ATT&CK: 🔒 Physical: Partially Local: Yes Remote: Partially Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: Athena ODBC Driver 2.0.5.1 Timelineinfo 04/03/2026 Advisory disclosed 04/03/2026 +0 days CVE reserved 04/03/2026 +0 days VulDB entry created 04/04/2026 +1 days VulDB entry last update Sourcesinfo Advisory: aws.amazon.com Status: Confirmed CVE: CVE-2026-5485 (🔒) GCVE (CVE): GCVE-0-2026-5485 GCVE (VulDB): GCVE-100-355205 EUVD: 🔒 Entryinfo Created: 04/03/2026 23:28 Updated: 04/04/2026 02:08 Changes: 04/03/2026 23:28 (77), 04/04/2026 02:08 (1) Complete: 🔍 Cache ID: 99:165:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸