CVE-2026-12283
Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-89
Neutralización incorrecta de elementos especiales usados en un comando SQL (Inyección SQL)
Fecha de publicación:
17/07/2026
Última modificación:
17/07/2026
Descripción
*** Pendiente de traducción *** Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation is a feature that allows you to connect to data sources outside of Amazon S3 like DynamoDB, Azure Synapse, and custom connectors using standard SQL syntax.<br />
<br />
<br />
<br />
Improper neutralization of special elements used in an SQL command in the Synapse connector in Amazon aws-athena-query-federation v2022.20.1 through v2026.19.1 might allow an authenticated remote user to execute injected read-only SQL queries that return unintended data from the connected database via a crafted table name.<br />
<br />
<br />
<br />
To remediate this issue, users should upgrade to version v2026.21.1 or later.
Impacto
Puntuación base 4.0
6.10
Gravedad 4.0
MEDIA
Puntuación base 3.x
6.80
Gravedad 3.x
MEDIA



