7 matches found
CVE-2026-13750
Snowflake CLI contains a local-logging vulnerability prior to version 3.19 where sensitive credentials (passwords, tokens, or private key material) could be written to persistent debug logs. An attacker with read access to the affected user’s local log files could exfiltrate credentials if they a...
CVE-2026-13749
Snowflake CLI prior to 3.19 is affected by Improper neutralization in the Snowpark annotation processor callback template, enabling arbitrary code execution during bundling or deployment. An attacker can supply crafted project content that is interpolated into generated Python code, causing code ...
CVE-2026-13751
CVE-2026-13751 concerns Snowflake CLI prior to v3.19, where the SQL reader’s !source/!load directives could reference remote URLs retrieved at runtime. The root cause is improper handling of untrusted remote references, enabling server-side request forgery within the vulnerable command path. Impa...
CVE-2026-13746
Summary: CVE-2026-13746 affects Snowflake CLI prior to 3.19, where improper neutralization of local CLI parameters can cause unintended SQL execution within the user’s Snowflake session. This self-injection is possible because parameters are passed via local CLI arguments, not project files or ex...
CVE-2026-13748
CVE-2026-13748 affects Snowflake CLI prior to 3.19. The vulnerability arises from improper restriction of file path resolution, allowing an attacker-controlled repository or project content to cause the CLI to read arbitrary local files and transmit or embed their contents during deployment or SQ...
CVE-2026-13744
CVE-2026-13744 affects Snowflake CLI versions prior to 3.19. The vulnerability arises from improper neutralization of attacker-controlled content, allowing unintended SQL execution when a victim processes crafted repository content, project configuration, manifest data, or specification input thr...
CVE-2026-13752
CVE-2026-13752 affects Snowflake CLI prior to 3.19. Improper neutralization of parameters in certain CLI paths allows unintended SQL execution within the user’s Snowflake session when crafted values reach vulnerable parameters (e.g., via socially engineered input, malicious repository configurati...