Severity by source
Primary rating from Vendor (SNOWFLAKE).
CVSS vector (NVD): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, which scores 5.4 (Medium).
The rationale shown alongside the vendor rating reads: local vector and high complexity reflect self-injection via deliberate local CLI argument supply; PR:L requires an authenticated session; no availability impact applies. That rationale describes AV:L/AC:H, not the AV:N/AC:L in the vector above, and the assessment below scores the AV:L/AC:H variant at 3.6 (Low). The two vectors agree on every other metric (PR:L, UI:N, S:U, C:L, I:L, A:N); the page does not reconcile the Attack Vector and Attack Complexity values, so read 3.6 and 5.4 as the bounds of the severity rather than as two independent confirmations of one score.
Description (NVD)
Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the context of that user's Snowflake session. Successful exploitation is constrained to self-injection because the vulnerable parameters were supplied directly through local CLI arguments rather than through project files, repositories, or other external input sources, and impact is limited to the privileges already available to the current session. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
Analysis (AI-generated)
Snowflake CLI versions prior to 3.19 permit self-injection SQL execution through improper neutralization of local CLI parameters in Cortex SQL and object listing command paths, where crafted argument values cause the tool to construct and execute unintended SQL within the authenticated user's existing Snowflake session. Exploitation is structurally constrained to self-injection - the attacker must themselves supply the malicious values via local CLI arguments, and impact cannot exceed the privileges already held by the current session context. …
Vulnerability Assessment (AI-generated)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires local execution of Snowflake CLI on the attacker's own machine (AV:L), an active authenticated Snowflake session under low-privileged credentials (PR:L), and deliberate use of the Cortex SQL or object listing command paths with crafted argument values (AC:H). … |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N yields a score of 3.6 (Low), and the alignment of the available signals supports treating this as genuinely low priority in most environments. … |
| Exploit Scenario | A user running Snowflake CLI invokes a Cortex SQL or object listing command and supplies a crafted string as a CLI argument, for example a value containing SQL metacharacters or additional SQL statements aimed at a vulnerable parameter. The CLI does not neutralise the input and splices the crafted value directly into the SQL query it sends to Snowflake, so the unintended SQL executes under the user's current session permissions. … |
| Remediation | Upgrade Snowflake CLI to version 3.19 or later; Snowflake has confirmed this version contains the patch. The fix is not pushed automatically, so every installation, including any pinned in CI images, has to be upgraded by hand. … |
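The exploit scenario above turns on one mechanism: a CLI argument spliced into query text. The Python below is an added illustration, not Snowflake CLI source and not the vulnerable command path (which the advisory does not show). It contrasts that pattern with the two fixes that neutralise it, bound parameters for values and validated double-quoting for identifiers, and runs against an in-memory SQLite database constructed inline. The table names, the payload and the `show_tables_in_schema` command path are all hypothetical.

```python
"""Added illustration (not Snowflake CLI source): an unsafe SQL-building
pattern of the kind the advisory describes, beside the parameterised and
identifier-quoted forms that neutralise it. Runs against an in-memory
SQLite database constructed here so the effect of a crafted argument can
be observed offline; the table names and payload are made up."""
import sqlite3


def make_session() -> sqlite3.Connection:
    # Constructed fixture: the table the command is meant to list, plus a
    # second table the same session can read but the command must not touch.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE objects (name TEXT);
        INSERT INTO objects VALUES ('orders'), ('order_items'), ('customers');
        CREATE TABLE secrets (secret TEXT);
        INSERT INTO secrets VALUES ('api-key-from-another-schema');
        """
    )
    return conn


def list_objects_vulnerable(conn: sqlite3.Connection, like_pattern: str) -> list[str]:
    # VULNERABLE (illustrative): the CLI argument is spliced into the query
    # text, so a quote in it ends the literal and the rest is parsed as SQL.
    sql = f"SELECT name FROM objects WHERE name LIKE '{like_pattern}'"
    return [row[0] for row in conn.execute(sql)]


def list_objects_parameterised(conn: sqlite3.Connection, like_pattern: str) -> list[str]:
    # HARDENED: the argument travels as a bound value, never as query text.
    # snowflake-connector-python offers the same via its qmark/numeric paramstyle.
    sql = "SELECT name FROM objects WHERE name LIKE ?"
    return [row[0] for row in conn.execute(sql, (like_pattern,))]


def quote_identifier(name: str) -> str:
    """Database, schema and object names cannot be bound as parameters, so
    they are validated and double-quoted, with embedded double quotes doubled
    (the SQL-standard escape). A quoted identifier cannot end the statement.
    Caveat: in Snowflake a quoted identifier is case-sensitive, so the caller
    must pass the exact stored case (unquoted names resolve to upper case)."""
    if not name or len(name) > 255:
        raise ValueError("identifier must be 1..255 characters")
    if any(ord(c) < 0x20 for c in name):
        raise ValueError("control characters are not allowed in identifiers")
    return '"' + name.replace('"', '""') + '"'


def show_tables_in_schema(database: str, schema: str) -> str:
    # Hypothetical object-listing command path; both names are CLI arguments.
    return f"SHOW TABLES IN SCHEMA {quote_identifier(database)}.{quote_identifier(schema)}"


if __name__ == "__main__":
    # Crafted argument: closes the LIKE literal, appends a statement that reads
    # the other table, and comments out the trailing quote.
    payload = "x' UNION SELECT secret FROM secrets --"
    conn = make_session()
    print("vulnerable   :", list_objects_vulnerable(conn, payload))
    print("parameterised:", list_objects_parameterised(conn, payload))
    print(show_tables_in_schema("PROD", 'odd"schema'))
```

Running the script shows why the advisory calls this self-injection: the appended statement executes on the same connection with the same role, so it reaches only what that session could already read, and the hardened version does not change privileges at all; it simply stops argument text from being parsed as SQL. The same split applies in Snowflake CLI's own stack: values belong in bound parameters, which the Snowflake Python connector supports, and identifiers need validation and quoting because they cannot be bound.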
More in Snowflake CLI
- Arbitrary code execution in Snowflake CLI versions prior to 3.19 lets an attacker run code in the context of any develop
- SQL injection in Snowflake CLI versions 1.2.2 through 3.18.x allows an attacker to execute unintended SQL statements wit
- SQL injection in Snowflake CLI versions 1.1.0 through 3.18.x (fixed in 3.19) lets crafted parameter values reach vulnera
- Server-side request forgery in Snowflake CLI versions 3.6.0 through 3.18.x lets an attacker coerce a victim's CLI sessio
- Path traversal in Snowflake CLI versions prior to 3.19 enables arbitrary local file exfiltration to Snowflake cloud serv
- Snowflake CLI versions prior to 3.19 write plaintext credentials - including passwords, authentication tokens, and priva
Same weakness CWE-89 – SQL Injection
References
- EUVD-2026-40132
- GHSA-656q-44hg-7hm7