FKIE_CVE-2026-13748
Vulnerability from fkie_nvd - Published: 2026-06-29 16:16 - Updated: 2026-06-30 16:09
Severity
Summary
Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary, causing Snowflake CLI to read local files and upload or embed their contents during deployment or SQL template processing. Successful exploitation required the victim to process attacker-controlled project content, and retrieval of exfiltrated data depended on access to the victim's Snowflake account artifacts such as query history or uploaded stage content. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| snowflake | snowflake_cli | * |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Snowflake CLI",
"vendor": "Snowflake",
"versions": [
{
"lessThan": "3.19.0",
"status": "affected",
"version": "0.2.2",
"versionType": "semver"
}
]
}
],
"source": "412d305a-227d-44f9-a262-a31ba44f2aea"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:snowflake:snowflake_cli:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7273C8A-C77C-47EC-8269-5C8542894BE4",
"versionEndExcluding": "3.19.0",
"versionStartIncluding": "0.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary, causing Snowflake CLI to read local files and upload or embed their contents during deployment or SQL template processing. Successful exploitation required the victim to process attacker-controlled project content, and retrieval of exfiltrated data depended on access to the victim\u0027s Snowflake account artifacts such as query history or uploaded stage content. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade."
}
],
"id": "CVE-2026-13748",
"lastModified": "2026-06-30T16:09:36.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "412d305a-227d-44f9-a262-a31ba44f2aea",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-13748",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T16:20:50.026529Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-29T16:16:39.517",
"references": [
{
"source": "412d305a-227d-44f9-a262-a31ba44f2aea",
"tags": [
"Vendor Advisory"
],
"url": "https://community.snowflake.com/s/article/Snowflake-CLI-Vulnerability-Advisory"
}
],
"sourceIdentifier": "412d305a-227d-44f9-a262-a31ba44f2aea",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-61"
},
{
"lang": "en",
"value": "CWE-73"
}
],
"source": "412d305a-227d-44f9-a262-a31ba44f2aea",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…