Improper Command Validation in Snowflake Cortex Code CLI
CVE-2026-6442

8.3HIGH

Key Information:

Vendor: Snowflake
Status: Cortex Code Cli
Vendor: CVE Published:; 16 April 2026

What is CVE-2026-6442?

An vulnerability in Snowflake Cortex Code CLI allows for improper validation of bash commands. This flaw can enable an attacker to exploit the CLI by crafting malicious commands within untrusted content, such as a harmful repository. When the CLI agent processes these commands, it may unintentionally execute arbitrary code on the user's local device without obtaining user consent. The risk of exploitation can vary based on the model and is non-deterministic. Fortunately, when the CLI is relaunched, it automatically applies a fix that requires no action from the user.

Affected Version(s)

Cortex Code CLI <1.0.25

References

https://community.snowflake.com/s/article/PromptArmor-Rep...

https://www.promptarmor.com/

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2026
Vulnerability Reserved
Apr 16, 2026

Credit

PromptArmor

CVE-2026-6442 Data

JSON