Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Network-reachable via app input with low complexity and no UI; PR:L since the attacker must reach an app already holding a Snowflake role; high C/I from SQLi, low A.
Primary rating from Vendor (SNOWFLAKE).
CVSS VectorVendor: SNOWFLAKE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
3DescriptionCVE.org
Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request field names in a dynamic upsert endpoint, potentially enabling read access to data visible to the application's database role or modification of values within the same MERGE statement. Improper literal rendering of bound parameters when building certain Snowflake-specific table creation queries could allow SQL injection. An attacker may be able to exploit this by supplying a crafted string to any application endpoint that passes user-controlled data through the affected query-building API, potentially causing arbitrary data exfiltration within the scope of the connection role. Improper forwarding of connection configuration parameters could allow an attacker to cause the library to read arbitrary local files and transmit their contents to an attacker-controlled endpoint. An attacker may be able to exploit this in deployment environments that accept user-controlled connection parameters, potentially exposing sensitive files accessible to the application process. The fix is available in Snowflake SQLAlchemy version 1.11.0. Users must manually upgrade.
AnalysisAI
SQL injection and local file disclosure in Snowflake SQLAlchemy before 1.11.0 lets an authenticated application user abuse three distinct weaknesses: unsanitized column identifiers in MERGE/upsert operations, improper literal rendering of bound parameters in Snowflake-specific table-creation queries, and unsafe forwarding of connection parameters that can be coerced into reading arbitrary local files. Any application built on this dialect that passes user-controlled keys, strings, or connection settings into the affected APIs can leak or modify data within the connection role's scope and, in some deployments, exfiltrate local files to an attacker endpoint. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the target application to be built on Snowflake SQLAlchemy < 1.11.0 AND to pass user-controlled data into one of the affected code paths: (1) attacker-controlled request field names used as column identifier keys in a dynamic MERGE/upsert endpoint, (2) user-supplied strings routed through the Snowflake-specific table-creation query-building API, or (3) user-controlled connection configuration parameters for the local-file-read variant. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L, base 8.3) indicates a network-reachable, low-complexity attack requiring only low privileges and no user interaction, with high confidentiality and integrity impact - consistent with SQL injection exploitable through normal application input. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An application exposes a dynamic upsert endpoint that maps incoming JSON request field names to Snowflake column identifiers via the vulnerable MERGE builder. An authenticated user submits a crafted field name that breaks out of the identifier context, injecting SQL that reads or modifies additional data visible to the application's Snowflake role within the same MERGE statement. … |
| Remediation | Vendor-released patch: 1.11.0 - upgrade Snowflake SQLAlchemy to 1.11.0 or later, which the vendor notes must be applied manually (no automatic update). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all applications and services using Snowflake SQLAlchemy and identify those passing user-controlled data to column identifiers, table creation queries, or connection parameters. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43679
GHSA-8g6f-qw9x-4q6q