AWS Latest Bulletins
Issues with Amazon Athena ODBC Driver
This Amazon Security Bulletin details important vulnerabilities found in the Amazon Athena ODBC driver, which provides C/C++ applications access to Amazon Athena on Windows, Linux, and Mac. The driver implements standard ODBC APIs. Six CVEs were identified, ranging from OS command injection to improper certificate validation and insufficient authentication controls.

CVE-2026-5485, an OS command injection flaw, affected only Linux systems and was resolved in version 2.0.5.1.

The other five vulnerabilities, CVE-2026-35558 through CVE-2026-35562, impacted all supported platforms. These issues included improper neutralization of special elements, out-of-bounds write errors, improper certificate validation, insufficient authentication controls, and resource allocation without limits. All five were addressed in version 2.1.0.0 of the Amazon Athena ODBC driver.

Users are strongly advised to update their drivers to the patched versions to mitigate these security risks. Refer to the provided article for the most current and comprehensive information on this security bulletin.