Input Validation Vulnerabilities in Snowflake Spark Connector by Snowflake
CVE-2026-15183
9.2CRITICAL
What is CVE-2026-15183?
Multiple input validation vulnerabilities exist in the Snowflake Spark Connector, allowing potential attackers to exfiltrate OAuth client credentials and execute arbitrary SQL commands using the connector's Snowflake role. These vulnerabilities could be exploited through a crafted OAuth token request URL, by placing malicious files in an ingestion pipeline, or injecting SQL in a shared Spark environment. Attackers may also manipulate runtime commands to execute unauthorized SQL under elevated privileges, potentially leading to credential theft and privilege escalation within the associated infrastructure.
Affected Version(s)
Snowflake Spark Connector 0.1.0 < 3.2.1
