Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
The attacker needs no credentials (PR:N), but the victim must process malicious content through a CLI command (UI:R); the injected SQL can read, modify, or destroy anything the session is authorized to touch, so C/I/A:H.
Primary rating from Vendor (SNOWFLAKE).
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (NVD)
Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL in the context of the victim user's Snowflake session. Successful exploitation requires the victim to process attacker-controlled content through a vulnerable command path and is limited by the privileges assigned to that session. The fix is available in Snowflake CLI version 3.19. Users must manually upgrade.
Analysis (AI)
SQL injection in Snowflake CLI versions 1.2.2 through 3.18.x allows an attacker to execute unintended SQL statements within a victim's authenticated Snowflake session by planting crafted repository content, project configuration, manifest, or specification input. When a developer processes that attacker-controlled content through a vulnerable command path, the injected SQL runs with the victim's session privileges, enabling data theft, modification, or destruction up to that user's authorization level. …
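As an added illustration of the weakness class the description and analysis above describe (this is not Snowflake CLI's code and does not reproduce the actual vulnerable command path), the following Python contrasts a statement builder that pastes manifest fields straight into SQL text with one that validates identifiers and escapes string literals before the statement is assembled. The manifest layout, the `stage` and `comment` field names, the `CREATE STAGE ... COMMENT` statement, and the hostile sample value are all constructed assumptions.

```python
import re

# Constructed manifests, as a CLI tool might read them from a cloned
# repository. The field names and the hostile value are illustrative only.
TRUSTED_MANIFEST = {"stage": "APP_STAGE", "comment": "nightly build"}
HOSTILE_MANIFEST = {"stage": "APP_STAGE", "comment": "x'; DROP TABLE orders; --"}

# Simplified rule for an unquoted Snowflake identifier (letter or underscore,
# then letters, digits, underscore or '$'). A real tool would also have to
# handle double-quoted identifiers; this example deliberately refuses them.
_UNQUOTED_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_$]*")


def build_naive(manifest: dict) -> str:
    """Vulnerable pattern: manifest values are interpolated into SQL text."""
    return f"CREATE STAGE {manifest['stage']} COMMENT = '{manifest['comment']}'"


def is_valid_identifier(name: str) -> bool:
    """True only for a plain unquoted identifier; anything else is rejected."""
    return _UNQUOTED_IDENT.fullmatch(name) is not None


def quote_literal(value: str) -> str:
    """Turn an arbitrary string into exactly one SQL string literal.

    Backslashes are doubled because Snowflake string literals treat a
    backslash as an escape character; single quotes are doubled so the
    literal cannot be terminated early. Values belong in bind parameters
    where the statement supports them; escaping is used here so the
    example runs offline without a connector.
    """
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def build_safe(manifest: dict) -> str:
    """Hardened pattern: identifiers are validated, values are quoted."""
    stage = manifest["stage"]
    if not is_valid_identifier(stage):
        raise ValueError(f"manifest field 'stage' is not a plain identifier: {stage!r}")
    return f"CREATE STAGE {stage} COMMENT = {quote_literal(manifest['comment'])}"


def split_statements(sql: str) -> list[str]:
    """Split SQL text on ';' characters that sit outside single-quoted literals.

    Understands the '' and backslash escapes inside literals. It exists only
    to show how many statements a driver would see; it is not a SQL lexer.
    """
    parts, buf, in_quote, i = [], [], False, 0
    while i < len(sql):
        ch = sql[i]
        if in_quote and ch == "\\":          # backslash escape: keep both chars
            buf.append(sql[i:i + 2])
            i += 2
            continue
        if in_quote and ch == "'" and sql[i + 1:i + 2] == "'":  # '' escape
            buf.append("''")
            i += 2
            continue
        if ch == "'":
            in_quote = not in_quote
        elif ch == ";" and not in_quote:     # statement boundary
            parts.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


if __name__ == "__main__":
    for label, manifest in (("trusted", TRUSTED_MANIFEST), ("hostile", HOSTILE_MANIFEST)):
        naive = build_naive(manifest)
        print(f"{label} / naive: {len(split_statements(naive))} statement(s): {naive}")
        safe = build_safe(manifest)
        print(f"{label} / safe : {len(split_statements(safe))} statement(s): {safe}")
```

For the trusted manifest both builders produce the same single statement; for the hostile one the naive builder hands the driver three statements, while the hardened builder produces one statement in which the hostile text is inert literal content. The same split applies to the other inputs the advisory names (project configuration, specification input): anything that names an object must pass an identifier check, and anything that is a value must be bound or escaped, never concatenated.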
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the victim to process attacker-controlled content - specifically crafted repository content, project configuration, manifest data, or specification input - through a vulnerable Snowflake CLI command path (UI:R confirmed in the CVSS vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and point to a real but interaction-gated risk rather than a mass-exploitation emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes or contributes a Snowflake CLI project (or pull request) containing a manifest or specification field with embedded malicious SQL. A developer clones the repository and runs a Snowflake CLI command (e.g., deploy or build) against it, at which point the CLI submits the attacker's injected SQL to the developer's authenticated Snowflake session, exfiltrating or altering data the developer can access. … |
| Remediation | Vendor-released patch: Snowflake CLI version 3.19.0 - upgrade to 3.19.0 or later, noting that Snowflake states users must MANUALLY upgrade (there is no automatic update), so pin the new version explicitly on developer machines, in build images, and in CI/CD pipelines. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended Action (AI)
Within 24 hours: Identify all Snowflake CLI instances in your environment running versions 1.2.2 through 3.18.x via asset inventory. …
More in Snowflake CLI
- Arbitrary code execution in Snowflake CLI versions prior to 3.19 lets an attacker run code in the context of any develop
- SQL injection in Snowflake CLI versions 1.1.0 through 3.18.x (fixed in 3.19) lets crafted parameter values reach vulnera
- Server-side request forgery in Snowflake CLI versions 3.6.0 through 3.18.x lets an attacker coerce a victim's CLI sessio
- Path traversal in Snowflake CLI versions prior to 3.19 enables arbitrary local file exfiltration to Snowflake cloud serv
- Snowflake CLI versions prior to 3.19 write plaintext credentials - including passwords, authentication tokens, and priva
- Snowflake CLI versions prior to 3.19 permit self-injection SQL execution through improper neutralization of local CLI pa
Same weakness: CWE-89 – SQL Injection
Related identifiers
- EUVD-2026-40129
- GHSA-6whc-m7mm-g2x4