SQL Execution Vulnerability in Snowflake CLI by Snowflake
CVE-2026-13752

6 MEDIUM

Key Information:

Vendor: Snowflake
CVE Published: 29 June 2026

What is CVE-2026-13752?

A vulnerability in the Snowflake CLI prior to version 3.19 allows for unintended SQL execution due to improper neutralization of command parameters. Attackers can exploit this vulnerability by supplying crafted values, which may reach vulnerable parameters through means such as socially engineered input or faulty automation configurations. This could lead to arbitrary SQL commands being executed within the context of the affected user's Snowflake session. The degree of impact is contingent upon the privileges assigned to the user session. To mitigate this risk, users are urged to upgrade to Snowflake CLI version 3.19, where a fix has been implemented.

Affected Version(s)

Snowflake CLI 1.1.0 and later, before 3.19.0

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
