Lucene search
K

562 matches found

NVD
NVD
added 2026/06/29 4:16 p.m.10 views

CVE-2026-13746

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

5.4CVSS0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 4:12 p.m.35 views

CVE-2026-13751 Snowflake CLI Server-Side Request Forgery via Arbitrary URL Fetch in !source/!load

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...

4.1CVSS0.00118EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:12 p.m.7 views

CVE-2026-13751

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...

4.1CVSS5.9AI score0.00118EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/29 4:12 p.m.6 views

EUVD-2026-40147

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...

4.1CVSS5.9AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 4:12 p.m.20 views

CVE-2026-13751

CVE-2026-13751 concerns Snowflake CLI prior to v3.19, where the SQL reader’s !source/!load directives could reference remote URLs retrieved at runtime. The root cause is improper handling of untrusted remote references, enabling server-side request forgery within the vulnerable command path. Impa...

9.6CVSS5.9AI score0.00118EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 4:7 p.m.7 views

EUVD-2026-40137

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 4:7 p.m.23 views

CVE-2026-13750

Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 4:2 p.m.6 views

EUVD-2026-40135

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generate...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 4:2 p.m.19 views

CVE-2026-13749

Snowflake CLI prior to 3.19 is affected by Improper neutralization in the Snowpark annotation processor callback template, enabling arbitrary code execution during bundling or deployment. An attacker can supply crafted project content that is interpolated into generated Python code, causing code ...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 3:58 p.m.9 views

EUVD-2026-40133

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

6.3CVSS6AI score0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 3:58 p.m.6 views

CVE-2026-13748

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

6.3CVSS6AI score0.00139EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/29 3:58 p.m.18 views

CVE-2026-13748

CVE-2026-13748 affects Snowflake CLI prior to 3.19. The vulnerability arises from improper restriction of file path resolution, allowing an attacker-controlled repository or project content to cause the CLI to read arbitrary local files and transmit or embed their contents during deployment or SQ...

6.3CVSS6AI score0.00139EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/29 3:51 p.m.20 views

CVE-2026-13746

Summary: CVE-2026-13746 affects Snowflake CLI prior to 3.19, where improper neutralization of local CLI parameters can cause unintended SQL execution within the user’s Snowflake session. This self-injection is possible because parameters are passed via local CLI arguments, not project files or ex...

5.4CVSS5.9AI score0.0013EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/29 3:51 p.m.6 views

EUVD-2026-40132

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

3.6CVSS5.9AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 3:40 p.m.7 views

EUVD-2026-40129

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

8.3CVSS5.9AI score0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 3:40 p.m.37 views

CVE-2026-13744 Snowflake CLI SQL Injection Through Improper Neutralization of User-Controlled Input

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

8.3CVSS0.0032EPSS
Exploits0References1
CVE
CVE
added 2026/06/29 3:40 p.m.16 views

CVE-2026-13744

CVE-2026-13744 affects Snowflake CLI versions prior to 3.19. The vulnerability arises from improper neutralization of attacker-controlled content, allowing unintended SQL execution when a victim processes crafted repository content, project configuration, manifest data, or specification input thr...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53313

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Sensitive information is inserted into log files in plaintext. This occurs when credentials, such as passwords, tokens, or private key material, are written to persistent local debug logs. An...

5.5CVSS6AI score0.00108EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53310

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of local CLI parameters allows unintended SQL execution. A user can trigger this issue by providing crafted values to the Cortex SQL or object listing command paths,...

5.4CVSS6.1AI score0.0013EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.8 views

PT-2026-53312

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization in the Snowpark annotation processor callback template allows arbitrary code execution during application bundling or deployment. An attacker can exploit this by providin...

8.8CVSS6.5AI score0.0037EPSS
Exploits0References4
Rows per page
Query Builder