Sensitive Information Exposure in Snowflake CLI by Snowflake
CVE-2026-13750

5.5 MEDIUM

Key Information:

Vendor: Snowflake
CVE Published: 29 June 2026

What is CVE-2026-13750?

Snowflake CLI versions prior to 3.19 expose sensitive information by writing plaintext credentials into persistent local debug logs. An attacker with read access to these logs can potentially retrieve sensitive data, including passwords, tokens, or private keys, especially when these credentials are present in the affected connection context. The issue arises from a lack of sufficient safeguards at the application level. Users are strongly recommended to upgrade to Snowflake CLI version 3.19 to mitigate this risk.

Affected Version(s)

Snowflake CLI 3.0.0 < 3.19.0

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
