Skip to main content

Snowflake SQLAlchemy CVE-2026-15736

| EUVDEUVD-2026-43679 HIGH
SQL Injection (CWE-89)
2026-07-14 SNOWFLAKE GHSA-8g6f-qw9x-4q6q
8.3
CVSS 3.1 · Vendor: SNOWFLAKE
Share

Severity by source

Vendor (SNOWFLAKE) PRIMARY
8.3 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
vuln.today AI
8.3 HIGH

Network-reachable via app input with low complexity and no UI; PR:L since the attacker must reach an app already holding a Snowflake role; high C/I from SQLi, low A.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (SNOWFLAKE).

CVSS VectorVendor: SNOWFLAKE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

3
Patch available
Jul 14, 2026 - 18:20 EUVD
Analysis Generated
Jul 14, 2026 - 14:45 vuln.today
CVE Published
Jul 14, 2026 - 14:11 cve.org
HIGH 8.3

DescriptionCVE.org

Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request field names in a dynamic upsert endpoint, potentially enabling read access to data visible to the application's database role or modification of values within the same MERGE statement. Improper literal rendering of bound parameters when building certain Snowflake-specific table creation queries could allow SQL injection. An attacker may be able to exploit this by supplying a crafted string to any application endpoint that passes user-controlled data through the affected query-building API, potentially causing arbitrary data exfiltration within the scope of the connection role. Improper forwarding of connection configuration parameters could allow an attacker to cause the library to read arbitrary local files and transmit their contents to an attacker-controlled endpoint. An attacker may be able to exploit this in deployment environments that accept user-controlled connection parameters, potentially exposing sensitive files accessible to the application process. The fix is available in Snowflake SQLAlchemy version 1.11.0. Users must manually upgrade.

AnalysisAI

SQL injection and local file disclosure in Snowflake SQLAlchemy before 1.11.0 lets an authenticated application user abuse three distinct weaknesses: unsanitized column identifiers in MERGE/upsert operations, improper literal rendering of bound parameters in Snowflake-specific table-creation queries, and unsafe forwarding of connection parameters that can be coerced into reading arbitrary local files. Any application built on this dialect that passes user-controlled keys, strings, or connection settings into the affected APIs can leak or modify data within the connection role's scope and, in some deployments, exfiltrate local files to an attacker endpoint. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to vulnerable app (PR:L)
Delivery
Submit crafted column key or string to upsert/table endpoint
Exploit
Break out of identifier/literal context (CWE-89)
Execution
Inject SQL into MERGE/CREATE statement
Persist
Read or modify data in role scope
Impact
Exfiltrate results or local files

Vulnerability AssessmentAI

Exploitation Exploitation requires the target application to be built on Snowflake SQLAlchemy < 1.11.0 AND to pass user-controlled data into one of the affected code paths: (1) attacker-controlled request field names used as column identifier keys in a dynamic MERGE/upsert endpoint, (2) user-supplied strings routed through the Snowflake-specific table-creation query-building API, or (3) user-controlled connection configuration parameters for the local-file-read variant. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L, base 8.3) indicates a network-reachable, low-complexity attack requiring only low privileges and no user interaction, with high confidentiality and integrity impact - consistent with SQL injection exploitable through normal application input. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An application exposes a dynamic upsert endpoint that maps incoming JSON request field names to Snowflake column identifiers via the vulnerable MERGE builder. An authenticated user submits a crafted field name that breaks out of the identifier context, injecting SQL that reads or modifies additional data visible to the application's Snowflake role within the same MERGE statement. …
Remediation Vendor-released patch: 1.11.0 - upgrade Snowflake SQLAlchemy to 1.11.0 or later, which the vendor notes must be applied manually (no automatic update). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all applications and services using Snowflake SQLAlchemy and identify those passing user-controlled data to column identifiers, table creation queries, or connection parameters. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-15736 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy