Improper TLS Hostname Verification in Snowflake Connector for Python
CVE-2026-15925

9.2CRITICAL

Key Information:

Vendor

Snowflake

Vendor
CVE Published:
16 July 2026

What is CVE-2026-15925?

The Snowflake Connector for Python prior to version 4.7.1 is susceptible to improper TLS hostname verification, potentially allowing network-positioned attackers to circumvent certificate hostname validation during HTTPS connections. This vulnerability enables attackers with on-path network access to intercept or manipulate communications by presenting a certificate from any trusted Certificate Authority (CA) for any domain, thereby compromising the integrity of the connection and facilitating credential exposure, data interception, and SQL injection attacks. Users are encouraged to upgrade to version 4.7.1 to mitigate this risk.

Affected Version(s)

Snowflake Connector for Python 1.7.4 < 4.7.1

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.