
Snowflake CLI CVE-2026-13750

EUVD: EUVD-2026-40137 · MEDIUM
Insertion of Sensitive Information into Log File (CWE-532)
2026-06-29 · Vendor: SNOWFLAKE · Advisory: GHSA-hrp8-4956-5gr5
CVSS 3.1 base score: 5.5 (Vendor: SNOWFLAKE)

Severity by source

Vendor (SNOWFLAKE), primary: 5.5 MEDIUM
  CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

vuln.today AI: 5.5 MEDIUM
  Local filesystem read access and a low-privileged account are required; only confidentiality is impacted, since credentials are exposed but no data is modified or made unavailable.
  CVSS 3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  CVSS 4.0: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (SNOWFLAKE).

CVSS Vector (Vendor: SNOWFLAKE)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch available: Jun 29, 2026 - 18:01 (EUVD)
Analysis generated: Jun 29, 2026 - 16:35 (vuln.today)

Description (CVE.org)

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as passwords, tokens, or private key material to be exposed without additional application-level safeguards. Successful exploitation requires credentials to be present in the affected connection context and the resulting logs to be accessible from the local environment. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.

Analysis (AI)

Snowflake CLI versions prior to 3.19 write plaintext credentials, including passwords, authentication tokens, and private key material, to persistent local debug log files (CWE-532, Insertion of Sensitive Information into Log File). Any local account with read access to the affected user's log directory can harvest these credentials; no Snowflake-side privileges are needed, only the ability to read the files. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Obtain low-privileged local system access
Delivery: Locate the Snowflake CLI debug log directory
Exploit: Read plaintext credential material from the log files
Execution: Authenticate to Snowflake with the harvested credentials
Impact: Exfiltrate or manipulate cloud data

Vulnerability Assessment (AI)

Exploitation: Two conditions must hold together: (1) the target user must have run Snowflake CLI with credentials present in the connection context (a configured connection profile containing a password, token, or private key), which causes those credentials to be written to the local debug log; and (2) the attacker must have local filesystem read access to the directory containing those log files, requiring at minimum a low-privileged local account on the same system (consistent with PR:L in the CVSS vector). …

Risk Assessment: The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) characterizes this as a local, low-complexity issue requiring a low-privileged account, consistent with a scenario where a second local user or a compromised process reads log files written by the CLI user. The vector scores the exposure on the host that holds the logs; what the harvested credentials then permit against the Snowflake account is outside the base score, so I:N and A:N should not be read as meaning the downstream impact is limited to reads. …

Exploit Scenario: An attacker who has obtained a low-privileged local account on a developer's workstation or CI/CD runner, whether through phishing, a supply-chain compromise, or pivoting from another vulnerability, navigates to the Snowflake CLI log directory and reads the plaintext debug logs. The logs contain the victim's Snowflake password, session token, or private key, which the attacker then uses to authenticate directly to the victim's Snowflake account and exfiltrate data. …

Remediation: Upgrade Snowflake CLI to version 3.19 or later; this is a manual upgrade and does not occur automatically. Upgrading stops new credentials from being logged but does not scrub logs already on disk: any debug log produced by a pre-3.19 release should be treated as containing exposed material, deleted, and the credentials it may have captured (passwords, tokens, key pairs) rotated. …
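The two exploitation conditions above (credential material present in a debug log, and that log readable by another local account) and the version gate in the remediation can be checked mechanically. The following triage helper is an added example written for this page; it is not Snowflake's code and nothing in it is taken from the advisory beyond the 3.19 fixed version. It assumes a caller-supplied log directory (the real Snowflake CLI log location is not stated on this page), an illustrative set of credential patterns, and an assumed wording for the CLI's version banner. A constructed sample log is embedded so the script runs offline.

```python
"""Triage helper for CWE-532 exposure in Snowflake CLI debug logs.

Added example, not Snowflake's code. Assumptions: the log directory is
supplied by the caller; the credential patterns and the version-banner
wording are illustrative; the fixed version 3.19 comes from the advisory.
"""
from __future__ import annotations

import os
import re
import stat
import tempfile
from pathlib import Path

FIXED_VERSION = (3, 19)  # first fixed release per the advisory

# Illustrative patterns for credential material; tune them to your own log format.
CREDENTIAL_PATTERNS = {
    "password": re.compile(r"(?i)\bpassword['\"]?\s*[:=]\s*['\"]?([^\s'\",}]+)"),
    "token": re.compile(r"(?i)\b(?:oauth_token|session_token|token)['\"]?\s*[:=]\s*['\"]?([^\s'\",}]+)"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |ENCRYPTED )?PRIVATE KEY-----"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b"),
}

# Constructed sample log (not a real Snowflake CLI log) carrying the kinds of
# material the advisory says pre-3.19 debug logs could contain.
SAMPLE_LOG = """\
2026-06-01 10:00:01 DEBUG connection params: {'account': 'xy12345', 'user': 'alice', 'password': 'Hunter2!Secret'}
2026-06-01 10:00:02 DEBUG oauth token=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.abcdefghijklmnopqrstuv
2026-06-01 10:00:03 DEBUG -----BEGIN PRIVATE KEY-----
2026-06-01 10:00:04 INFO  query executed in 12 ms
"""


def redact(secret: str) -> str:
    """Keep only a short prefix so the finding itself does not re-leak the value."""
    return secret[:4] + "..." if len(secret) > 4 else "***"


def scan_text(text: str, source: str = "<string>") -> list[dict]:
    """Return one finding per (line, pattern) hit, with the secret redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in CREDENTIAL_PATTERNS.items():
            m = pat.search(line)
            if m:
                value = m.group(1) if m.groups() else m.group(0)
                findings.append({"source": source, "line": lineno,
                                 "kind": kind, "preview": redact(value)})
    return findings


def scan_directory(log_dir: Path) -> list[dict]:
    """Scan every regular file under log_dir, rotated logs included."""
    findings = []
    for path in sorted(p for p in Path(log_dir).rglob("*") if p.is_file()):
        findings.extend(scan_text(path.read_text(errors="replace"), str(path)))
    return findings


def readable_by_others(path: Path) -> bool:
    """The PR:L precondition: can a different local account read this file?
    Checks POSIX mode bits only; ACLs and Windows DACLs are not inspected."""
    mode = Path(path).stat().st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def parse_version(output: str) -> tuple[int, ...]:
    """Pull MAJOR.MINOR[.PATCH] out of a version banner such as
    'Snowflake CLI version: 3.18.0' (the banner wording is an assumption)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", output)
    if not m:
        raise ValueError(f"no version number in {output!r}")
    return tuple(int(p) for p in m.groups() if p is not None)


def is_vulnerable(version: tuple[int, ...]) -> bool:
    """Affected releases are those before 3.19; the patch level is irrelevant."""
    return tuple(version[:2]) < FIXED_VERSION


def demo() -> dict:
    """Write the sample log to a private temp dir, then check both exploitation
    conditions: credentials present, and log readable by other local users."""
    with tempfile.TemporaryDirectory() as tmp:
        log = Path(tmp) / "snowflake-cli.log"
        log.write_text(SAMPLE_LOG)
        os.chmod(log, 0o644)  # common default: group/other readable
        exposed = readable_by_others(log)
        os.chmod(log, 0o600)  # tightened: owner only
        hardened = readable_by_others(log)
        return {"findings": scan_directory(Path(tmp)),
                "readable_before": exposed, "readable_after": hardened}


if __name__ == "__main__":
    result = demo()
    for f in result["findings"]:
        print(f"{f['kind']:12} line {f['line']}: {f['preview']}")
    print("other-readable before/after chmod:", result["readable_before"], result["readable_after"])
    print("3.18.0 vulnerable:", is_vulnerable(parse_version("Snowflake CLI version: 3.18.0")))
```

Point scan_directory() at the host's actual log directory after upgrading: any hit in a log written by a pre-3.19 release means that value must be treated as exposed and rotated, and readable_by_others() returning True means the second CVSS precondition (PR:L read access by another local account) was satisfied on that host. Tightening the directory to owner-only is a compensating control for the read-access condition, not a substitute for the upgrade.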
