CVE-2026-13746: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Snowflake Snowflake CLI
Description
Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the context of that user's Snowflake session. Successful exploitation is constrained to self-injection because the vulnerable parameters were supplied directly through local CLI arguments rather than through project files, repositories, or other external input sources, and impact is limited to the privileges already available to the current session. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
CVSS v3.1
Score: 3.6 (Low)
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in Snowflake CLI before version 3.19 is improper neutralization of special elements in local CLI parameters that are interpolated into SQL commands. A user can cause unintended SQL statements to be executed in their own Snowflake session by supplying crafted input to the vulnerable Cortex SQL or object listing command paths. Because the injection vector is limited to local CLI arguments and not project files, repositories, or other external sources, the attack surface is constrained to self-injection, and the impact is limited to the privileges of the current session. Snowflake CLI version 3.19 includes a fix that addresses this issue.
Potential Impact
Successful exploitation allows an attacker to execute unintended SQL commands within their own Snowflake session, potentially leading to unauthorized data access or manipulation limited by the user's existing privileges. There is no indication of privilege escalation or impact beyond the current session. The vulnerability does not affect other users or external systems.
Mitigation Recommendations
A patch is available in Snowflake CLI version 3.19. Users should manually upgrade to this version to remediate the vulnerability. Since this is a client-side CLI tool vulnerability, upgrading the CLI is necessary to prevent exploitation.
Technical Details
- Data Version: 5.2
- Assigner Short Name: SNOWFLAKE
- Date Reserved: 2026-06-29T15:41:42.790Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
- Is Cloud Service: true
Threat ID: 6a429b9427e9c7971920c06f
Added to database: 06/29/2026, 16:21:40 UTC
Last enriched: 06/29/2026, 16:36:55 UTC
Last updated: 06/29/2026, 17:21:44 UTC