Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-13752
Analyzed
More InfoOfficial Page
Source-412d305a-227d-44f9-a262-a31ba44f2aea
View Known Exploited Vulnerability (KEV) details
Published At-29 Jun, 2026 | 17:16
Updated At-30 Jun, 2026 | 15:59

Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session. Successful exploitation required crafted values to reach vulnerable parameters, including through socially engineered input, malicious repository configuration, or compromised automation feeding external values into the CLI, and impact is limited by the privileges assigned to the active session. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.0MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Primary3.18.0HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

snowflake
snowflake
>>snowflake_cli>>Versions from 1.1.0(inclusive) to 3.19.0(exclusive)
cpe:2.3:a:snowflake:snowflake_cli:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Secondary412d305a-227d-44f9-a262-a31ba44f2aea
CWE ID: CWE-89
Type: Secondary
Source: 412d305a-227d-44f9-a262-a31ba44f2aea
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory412d305a-227d-44f9-a262-a31ba44f2aea
Vendor Advisory
Hyperlink: https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory
Source: 412d305a-227d-44f9-a262-a31ba44f2aea
Resource:
Vendor Advisory
Change History
0Changes found

Details not found