Improper TLS Hostname Verification in Snowflake Connector for Python
CVE-2026-15925
9.2CRITICAL
What is CVE-2026-15925?
The Snowflake Connector for Python prior to version 4.7.1 is susceptible to improper TLS hostname verification, potentially allowing network-positioned attackers to circumvent certificate hostname validation during HTTPS connections. This vulnerability enables attackers with on-path network access to intercept or manipulate communications by presenting a certificate from any trusted Certificate Authority (CA) for any domain, thereby compromising the integrity of the connection and facilitating credential exposure, data interception, and SQL injection attacks. Users are encouraged to upgrade to version 4.7.1 to mitigate this risk.
Affected Version(s)
Snowflake Connector for Python 1.7.4 < 4.7.1
