Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-6442
Awaiting Analysis
More InfoOfficial Page
Source-412d305a-227d-44f9-a262-a31ba44f2aea
View Known Exploited Vulnerability (KEV) details
Published At-16 Apr, 2026 | 19:16
Updated At-17 Apr, 2026 | 15:38

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.3HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-1286Secondary412d305a-227d-44f9-a262-a31ba44f2aea
CWE ID: CWE-1286
Type: Secondary
Source: 412d305a-227d-44f9-a262-a31ba44f2aea
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response412d305a-227d-44f9-a262-a31ba44f2aea
N/A
https://www.promptarmor.com/412d305a-227d-44f9-a262-a31ba44f2aea
N/A
Hyperlink: https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response
Source: 412d305a-227d-44f9-a262-a31ba44f2aea
Resource: N/A
Hyperlink: https://www.promptarmor.com/
Source: 412d305a-227d-44f9-a262-a31ba44f2aea
Resource: N/A
Change History
0Changes found

Details not found