Skip to main content

Snowflake Spark Connector

1 CVEs product

Monthly

CVE-2026-15183 CRITICAL PATCH Act Now

SQL injection and input-validation weaknesses in the Snowflake Spark Connector (spark-snowflake) before version 3.2.1 let attackers exfiltrate OAuth client credentials, run arbitrary SQL under the connector's Snowflake role, and redirect COPY data-loading operations to attacker-controlled storage. Reported by Snowflake, the flaws are most dangerous in shared/multi-tenant Spark clusters where injected SQL executes with the cluster admin's JDBC credentials, enabling credential theft and privilege escalation. Rated CVSS 4.0 9.2 (Critical); no public exploit identified at time of analysis.

Authentication Bypass SQLi Privilege Escalation Snowflake Spark Connector
NVD VulDB
CVSS 4.0
9.2
EPSS
0.2%
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

SQL injection and input-validation weaknesses in the Snowflake Spark Connector (spark-snowflake) before version 3.2.1 let attackers exfiltrate OAuth client credentials, run arbitrary SQL under the connector's Snowflake role, and redirect COPY data-loading operations to attacker-controlled storage. Reported by Snowflake, the flaws are most dangerous in shared/multi-tenant Spark clusters where injected SQL executes with the cluster admin's JDBC credentials, enabling credential theft and privilege escalation. Rated CVSS 4.0 9.2 (Critical); no public exploit identified at time of analysis.

Authentication Bypass SQLi Privilege Escalation +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy