Skip to main content

Snowflake Connector For Python

1 CVEs product

Monthly

CVE-2026-15925 CRITICAL PATCH Act Now

Improper TLS hostname verification in the Snowflake Connector for Python (versions before 4.7.1) lets an on-path attacker defeat HTTPS certificate validation, accepting any certificate signed by any trusted CA regardless of the requested hostname. An adversary who can intercept traffic can decrypt and tamper with connector sessions, exposing Snowflake credentials, query results, and staged file data, and can inject arbitrary SQL bounded by the victim role's privileges. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the reporting vendor (Snowflake) rates it CVSS 4.0 9.2.

Python Authentication Bypass Snowflake Connector For Python
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.2%
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Improper TLS hostname verification in the Snowflake Connector for Python (versions before 4.7.1) lets an on-path attacker defeat HTTPS certificate validation, accepting any certificate signed by any trusted CA regardless of the requested hostname. An adversary who can intercept traffic can decrypt and tamper with connector sessions, exposing Snowflake credentials, query results, and staged file data, and can inject arbitrary SQL bounded by the victim role's privileges. There is no public exploit identified at time of analysis and it is not on CISA KEV, but the reporting vendor (Snowflake) rates it CVSS 4.0 9.2.

Python Authentication Bypass Snowflake Connector For Python
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy