Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-12283

Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-89 Neutralización incorrecta de elementos especiales usados en un comando SQL (Inyección SQL)
Fecha de publicación:
17/07/2026
Última modificación:
17/07/2026

Descripción

*** Pendiente de traducción *** Amazon Athena is a serverless, interactive query service that lets you analyze data directly in Amazon S3 using standard SQL. Athena Query Federation is a feature that allows you to connect to data sources outside of Amazon S3 like DynamoDB, Azure Synapse, and custom connectors using standard SQL syntax.<br /> <br /> <br /> <br /> Improper neutralization of special elements used in an SQL command in the Synapse connector in Amazon aws-athena-query-federation v2022.20.1 through v2026.19.1 might allow an authenticated remote user to execute injected read-only SQL queries that return unintended data from the connected database via a crafted table name.<br /> <br /> <br /> <br /> To remediate this issue, users should upgrade to version v2026.21.1 or later.