Improper Neutralization Vulnerability in Snowflake CLI Affects Snowflake Products
CVE-2026-13744

8.3 HIGH

Key Information:

Vendor: Snowflake
CVE Published: 29 June 2026

What is CVE-2026-13744?

The Snowflake CLI has a vulnerability that allows attackers to execute unintended SQL commands by manipulating user-provided inputs. In versions prior to 3.19, crafted repositories, project configurations, manifest data, or specification inputs can lead to SQL execution in the context of the victim user's Snowflake session. Exploitation requires the victim to process the maliciously crafted input through a vulnerable command path, and its impact is limited to the privileges of that session. Users are advised to manually upgrade to Snowflake CLI version 3.19 or later to mitigate this risk.

Affected Version(s)

Snowflake CLI 1.2.2 < 3.19.0

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
