Lucene search
+L
SnowflakeSnowflake Cli

7 matches found

cve
cve
added 2026/06/29 4:7 p.m.28 views

CVE-2026-13750

Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...

5.5CVSS5.8AI score0.00108EPSS
cve
cve
added 2026/06/29 4:2 p.m.24 views

CVE-2026-13749

Snowflake CLI prior to 3.19 is affected by Improper neutralization in the Snowpark annotation processor callback template, enabling arbitrary code execution during bundling or deployment. An attacker can supply crafted project content that is interpolated into generated Python code, causing code ...

8.8CVSS6.5AI score0.0037EPSS
cve
cve
added 2026/06/29 4:12 p.m.24 views

CVE-2026-13751

CVE-2026-13751 concerns Snowflake CLI prior to v3.19, where the SQL reader’s !source/!load directives could reference remote URLs retrieved at runtime. The root cause is improper handling of untrusted remote references, enabling server-side request forgery within the vulnerable command path. Impa...

9.6CVSS5.9AI score0.00118EPSS
cve
cve
added 2026/06/29 3:51 p.m.23 views

CVE-2026-13746

Summary: CVE-2026-13746 affects Snowflake CLI prior to 3.19, where improper neutralization of local CLI parameters can cause unintended SQL execution within the user’s Snowflake session. This self-injection is possible because parameters are passed via local CLI arguments, not project files or ex...

5.4CVSS5.9AI score0.0013EPSS
cve
cve
added 2026/06/29 3:58 p.m.23 views

CVE-2026-13748

CVE-2026-13748 affects Snowflake CLI prior to 3.19. The vulnerability arises from improper restriction of file path resolution, allowing an attacker-controlled repository or project content to cause the CLI to read arbitrary local files and transmit or embed their contents during deployment or SQ...

6.3CVSS6AI score0.00139EPSS
cve
cve
added 2026/06/29 3:40 p.m.22 views

CVE-2026-13744

CVE-2026-13744 affects Snowflake CLI versions prior to 3.19. The vulnerability arises from improper neutralization of attacker-controlled content, allowing unintended SQL execution when a victim processes crafted repository content, project configuration, manifest data, or specification input thr...

8.8CVSS5.9AI score0.0032EPSS
cve
cve
added 2026/06/29 4:24 p.m.18 views

CVE-2026-13752

CVE-2026-13752 affects Snowflake CLI prior to 3.19. Improper neutralization of parameters in certain CLI paths allows unintended SQL execution within the user’s Snowflake session when crafted values reach vulnerable parameters (e.g., via socially engineered input, malicious repository configurati...

8CVSS5.9AI score0.00188EPSS