Input Validation Vulnerabilities in Snowflake Spark Connector by Snowflake
CVE-2026-15183

9.2CRITICAL

Key Information:

Vendor

Snowflake

Vendor
CVE Published:
14 July 2026

What is CVE-2026-15183?

Multiple input validation vulnerabilities exist in the Snowflake Spark Connector, allowing potential attackers to exfiltrate OAuth client credentials and execute arbitrary SQL commands using the connector's Snowflake role. These vulnerabilities could be exploited through a crafted OAuth token request URL, by placing malicious files in an ingestion pipeline, or injecting SQL in a shared Spark environment. Attackers may also manipulate runtime commands to execute unauthorized SQL under elevated privileges, potentially leading to credential theft and privilege escalation within the associated infrastructure.

Affected Version(s)

Snowflake Spark Connector 0.1.0 < 3.2.1

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.