Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable via CI/CD but requires influencing a specific enabled data source's workspace variable (AC:H) with pipeline write access (PR:L); injected SQL under the privileged session yields full C/I/A impact.
Primary rating from Vendor (412d305a-227d-44f9-a262-a31ba44f2aea).
CVSS VectorVendor: 412d305a-227d-44f9-a262-a31ba44f2aea
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration and minting of long-lived access credentials. Exploitation requires the ability for an attacker to influence a workspace variable in a pipeline where this data source was enabled. Improper neutralization of identifier content in user resource inputs could allow DDL injection into user management statements, potentially causing accounts to be created with attacker-controlled credentials and without the security controls configured by the operator. The fix is available in Snowflake Terraform Provider version 2.18.0. Users must manually upgrade.
Articles & Coverage 1
AnalysisAI
SQL and DDL injection in the Snowflake Terraform Provider before 2.18.0 lets an attacker who can influence pipeline workspace variables execute arbitrary SQL inside the provider's privileged Snowflake session (CWE-89), enabling data exfiltration and creation of long-lived credentials. A second flaw allows identifier-injection into user-management DDL, so accounts can be minted with attacker-controlled credentials that bypass operator-configured security controls. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | For the SQL injection path the attacker must be able to influence a workspace/pipeline variable in a Terraform pipeline where the vulnerable data source is explicitly enabled - this specific data source being configured and the attacker having write influence over its variable input is the required, non-default precondition. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The supplied CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base 8.8) marks this network-reachable, low-complexity, low-privilege with high confidentiality/integrity/availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with the ability to contribute to or influence a Terraform CI/CD pipeline sets a malicious value in a workspace variable that feeds the vulnerable data source; on the next plan/apply the provider concatenates that value into SQL and executes it under the privileged Snowflake session, letting the attacker read sensitive tables and create a long-lived personal access token or user. No public exploit code was identified, and the network attack vector is gated by needing write influence over pipeline variables (PR:L, authenticated). |
| Remediation | Vendor-released patch: 2.18.0 - upgrade the Snowflake Terraform Provider to 2.18.0 or later by updating the version constraint in your Terraform configuration and running an init/upgrade; the vendor notes the upgrade is manual and not automatic. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit deployment inventory to identify all instances of Snowflake Terraform Provider and confirm versions in use. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Va
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute
Account takeover in self-hosted Bitwarden Server before 2026.6.0 lets a low-privileged organization member steal any oth
vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. Rated cri
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, w
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows re
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo help
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Rated high sev
Coder allows organizations to provision remote development environments via Terraform. Rated high severity (CVSS 8.1), t
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42284
GHSA-gg43-cq29-hhv2