Severity by source
Sources disagree (Medium to Critical). Vector shown: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Network-reachable parser with no authentication gate (PR:N), but exploitation requires the victim to run crafted SQL (UI:R); SSRF plus SQL execution in the victim's session context crosses scope (S:C) with high confidentiality and integrity impact. Note that this rationale rates availability impact as limited (A:L), whereas the vector shown here and the NVD vector below use A:H; the two scorings are not the same.
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Description (NVD)
Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. By supplying crafted SQL content processed through a vulnerable command path, an attacker could cause the victim's environment to issue unintended outbound requests to internal or otherwise non-public network locations, and could cause remote SQL content to be retrieved and executed in the context of the victim user's session. Successful exploitation requires the victim to process attacker-controlled content through a vulnerable command path and is limited by the privileges available to that session and environment. The fix is available in Snowflake CLI version 3.19, which adds an option to disable remote URL retrieval.
Analysis (AI)
Server-side request forgery in Snowflake CLI versions 3.6.0 through 3.18.x lets an attacker coerce a victim's CLI session into fetching attacker-chosen remote URLs and then retrieving and executing remote SQL in that session's context. The flaw lives in the SQL statement reader's !source/!load directives, which resolve remote references at runtime without restricting the request destination, so a victim who processes attacker-supplied SQL can be made to reach internal/non-public network locations. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the victim to process attacker-controlled SQL content through a vulnerable command path that invokes the SQL statement reader's !source or !load directives, and requires the running Snowflake CLI to be between 3.6.0 and 3.18.x with remote URL retrieval enabled (the default before 3.19.0). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals conflict and must be weighed rather than read off the 9.6 alone. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker delivers a SQL file (e.g. via a shared repo, support ticket, or "helpful" setup script) containing a !source or !load directive pointing at an attacker-controlled or internal URL. When the victim runs that script through a pre-3.19 Snowflake CLI, the CLI fetches the remote content, reaching internal systems on the victim's behalf and executing the returned SQL in the victim's authenticated session. … |
| Remediation | Upgrade to the fixed release. Vendor-released patch: Snowflake CLI version 3.19.0, which introduces an option to disable remote URL retrieval; this is the primary and recommended fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
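The directive-fetch behaviour described in the NVD text and the exploit scenario above can be gated before a script is ever handed to the CLI. The following Python is an added example, not part of this page and not Snowflake CLI's own code: it scans a .sql script for !source/!load directives whose targets are remote URLs, warns on any run-time fetch, and blocks targets that resolve to private address space, cloud instance-metadata endpoints, or internal-looking hostnames, including the decimal-encoded loopback form (2130706433) that string-based filters miss. It assumes the directive form is `!source <target>` or `!load <target>` on its own line, optionally ending in a semicolon; the sample script, hosts, and paths are constructed for illustration.

```python
"""Pre-execution scanner for !source / !load directives in Snowflake CLI SQL scripts.

Added example; not Snowflake's code.  ASSUMPTION: a directive is a line of the
form "!source <target>" or "!load <target>", optionally terminated by ";".
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

DIRECTIVE_RE = re.compile(r"^\s*!(source|load)\s+(\S+?)\s*;?\s*$", re.IGNORECASE)
REMOTE_SCHEMES = {"http", "https", "ftp"}

# Address ranges a developer's SQL script should never be able to reach.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",       # loopback, link-local, "this" network
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 loopback, ULA, link-local
)]
# Well-known instance-metadata endpoints (constructed list, extend for your cloud).
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "fd00:ec2::254", "100.100.100.200"}
INTERNAL_SUFFIXES = (".internal", ".local", ".corp", ".lan")


@dataclass
class Finding:
    line_no: int
    directive: str
    target: str
    severity: str   # "block" for internal/metadata targets, "warn" for any remote fetch
    reason: str


def _parse_ip(host: str) -> Optional[ipaddress._BaseAddress]:
    """Parse a host literal as an IP, accepting the pure-decimal form
    (e.g. 2130706433 == 127.0.0.1) that dotted-quad string checks overlook."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    if host.isdigit():
        try:
            return ipaddress.ip_address(int(host))
        except ValueError:
            pass
    return None


def classify_target(target: str):
    """Return (severity, reason) for a directive target, or None for a plain
    local path, which the remote-retrieval issue does not cover."""
    parts = urlsplit(target)
    if parts.scheme.lower() not in REMOTE_SCHEMES:
        return None
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("block", "remote URL without a host")
    if host in METADATA_HOSTS:
        return ("block", "cloud instance-metadata endpoint")
    ip = _parse_ip(host)
    if ip is not None:
        if any(ip in net for net in PRIVATE_NETS):
            return ("block", f"private/loopback address {ip}")
        return ("warn", f"remote fetch from literal IP {ip}")
    if "." not in host or host.endswith(INTERNAL_SUFFIXES):
        return ("block", f"internal hostname {host}")
    return ("warn", f"remote SQL fetched at run time from {host}")


def scan(sql_text: str) -> list:
    """Walk a script line by line and collect findings for remote directives."""
    findings = []
    for line_no, line in enumerate(sql_text.splitlines(), start=1):
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        verdict = classify_target(m.group(2))
        if verdict is not None:
            findings.append(Finding(line_no, m.group(1).lower(), m.group(2), *verdict))
    return findings


# Constructed sample: a "setup script" of the kind the exploit scenario describes.
SAMPLE_SQL = """\
-- onboarding helper shared in a ticket (constructed sample)
USE ROLE ANALYST;
!source ./local_helpers.sql;
!source https://raw.githubusercontent.com/example-org/snippets/main/init.sql;
!load http://169.254.169.254/latest/meta-data/iam/security-credentials/;
!load http://10.0.3.7:8080/admin/export.sql
!source http://2130706433/internal.sql;
SELECT CURRENT_USER();
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_SQL):
        print(f"line {f.line_no}: [{f.severity.upper()}] !{f.directive} {f.target}  ({f.reason})")
```

Run this as a pre-commit hook or CI step on any .sql that will be passed to a 3.6.0 to 3.18.x CLI and refuse to execute on a "block" finding. It is a compensating control only: a static check cannot see an allowed public host that redirects to an internal address or a DNS-rebinding target, so upgrading to 3.19 and turning off remote URL retrieval remains the actual fix.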
Recommended Action (AI)
24 hours: Identify and catalog all Snowflake CLI installations across development, CI/CD, and production systems; determine which are running versions 3.6.0-3.18.x. …
More in Snowflake CLI
- Arbitrary code execution in Snowflake CLI versions prior to 3.19 lets an attacker run code in the context of any develop
- SQL injection in Snowflake CLI versions 1.2.2 through 3.18.x allows an attacker to execute unintended SQL statements wit
- SQL injection in Snowflake CLI versions 1.1.0 through 3.18.x (fixed in 3.19) lets crafted parameter values reach vulnera
- Path traversal in Snowflake CLI versions prior to 3.19 enables arbitrary local file exfiltration to Snowflake cloud serv
- Snowflake CLI versions prior to 3.19 write plaintext credentials - including passwords, authentication tokens, and priva
- Snowflake CLI versions prior to 3.19 permit self-injection SQL execution through improper neutralization of local CLI pa
References
- EUVD-2026-40147
- GHSA-6xpv-fwh6-29jc