Severity by source
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N (primary rating from the vendor, SNOWFLAKE)
Local attack vector because the victim must run the CLI locally on attacker-supplied content; PR:N because the attacker needs no privileges on the victim's host; UI:R because the victim must take an action; S:C because the exfiltrated data leaves the victim's machine for the Snowflake cloud; C:H for arbitrary file read, with no integrity or availability impact.
Description (CVE.org)
Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary, causing Snowflake CLI to read local files and upload or embed their contents during deployment or SQL template processing. Successful exploitation required the victim to process attacker-controlled project content, and retrieval of exfiltrated data depended on access to the victim's Snowflake account artifacts such as query history or uploaded stage content. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
Analysis (AI)
Path traversal in Snowflake CLI versions prior to 3.19 enables arbitrary local file exfiltration to Snowflake cloud services when a victim processes attacker-controlled project or repository content. The CLI fails to restrict file path resolution during deployment or SQL template processing, allowing crafted project files to reference and transmit content from outside the intended project directory boundary to Snowflake-hosted artifacts. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | The victim must have a Snowflake CLI version prior to 3.19 installed and must actively run a deployment or SQL template processing command (such as snow deploy or equivalent) against attacker-controlled project content; this matches the CVSS UI:R (user interaction required) rating. … |
| Risk Assessment | The CVSS 3.1 base score of 6.3 (Medium) with vector AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N accurately reflects the attack model: exploitation is local (the victim must execute the CLI on attacker-supplied content), requires no attacker privileges on the victim system, mandates active victim interaction, and results in a scope change because exfiltrated data leaves the victim's machine and enters Snowflake's cloud environment. … |
| Exploit Scenario | An attacker publishes or shares a malicious Snowflake project template (for example via a public GitHub repository, a community forum post, or a compromised dependency) containing path-traversal references (such as ../../.aws/credentials) in deployment configuration or SQL template files. When a developer with a pre-3.19 Snowflake CLI clones the repository and runs a deployment or template processing command, the CLI resolves the traversal paths, reads the referenced sensitive files, and uploads or embeds their contents into Snowflake stage storage or query artifacts. … |
| Remediation | Upgrade Snowflake CLI to version 3.19 or later, which is the vendor-confirmed fix per the advisory at https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory; the vendor notes that the upgrade must be performed manually, as no automatic update mechanism is described. … |
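Added example, not Snowflake CLI code: a project-boundary check of the kind that closes this class of bug, resolving each file reference found in project configuration or a SQL template (including any symlink it passes through) and refusing anything that lands outside the project root. The names `resolve_within_project`, `classify_references` and `demo` are hypothetical, and the sample project tree and references are constructed; `../../.aws/credentials` is the traversal string from the scenario above.

```python
import os
import tempfile
from pathlib import Path

class ProjectBoundaryError(ValueError):
    """Raised when a project reference resolves outside the project root."""

def resolve_within_project(project_root, reference):
    """Resolve a file reference from project config or a SQL template against
    project_root and return its real path, or raise if it escapes.
    Hypothetical hardening helper, not Snowflake CLI code: absolute references
    are refused, '..' segments are normalised and symlinks are followed
    before the containment check, so a link out of the tree is caught too."""
    root = Path(project_root).resolve()
    candidate = Path(reference)
    if candidate.is_absolute():
        raise ProjectBoundaryError(f"absolute reference refused: {reference}")
    resolved = (root / candidate).resolve()
    try:
        resolved.relative_to(root)
    except ValueError:
        raise ProjectBoundaryError(f"{reference!r} resolves outside {root}") from None
    return resolved

def classify_references(project_root, references):
    """Map each reference to 'ok' or 'rejected'; a deployment step should
    run this before reading or uploading any referenced file."""
    outcome = {}
    for ref in references:
        try:
            resolve_within_project(project_root, ref)
            outcome[ref] = "ok"
        except ProjectBoundaryError:
            outcome[ref] = "rejected"
    return outcome

def demo():
    """Constructed project tree with one legitimate file and a symlink that
    points outside the project; returns the classification of sample refs."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "project"
        (root / "sql").mkdir(parents=True)
        (root / "sql" / "setup.sql").write_text("select 1;")
        os.symlink(tmp, root / "escape")  # constructed escape via symlink
        refs = ["sql/setup.sql", "sql/../sql/setup.sql",
                "../../.aws/credentials", "/etc/hosts", "escape/other.txt"]
        return classify_references(root, refs)

if __name__ == "__main__":
    print(demo())
```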
Weakness: CWE-22 (Path Traversal)
Related identifiers: EUVD-2026-40133, GHSA-8394-2w3w-5r9h