CVE-2026-13751 in CLI

Summary

by MITRE • 06/29/2026

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. By supplying crafted SQL content processed through a vulnerable command path, an attacker could cause the victim's environment to issue unintended outbound requests to internal or otherwise non-public network locations, and could cause remote SQL content to be retrieved and executed in the context of the victim user's session. Successful exploitation requires the victim to process attacker-controlled content through a vulnerable command path and is limited by the privileges available to that session and environment. The fix is available in Snowflake CLI version 3.19, which adds an option to disable remote URL retrieval.


Analysis

by VulDB Data Team • 06/29/2026

This vulnerability represents a critical server-side request forgery issue affecting Snowflake CLI versions prior to 3.19, where improper validation of untrusted remote references creates significant security risks for database environments. The flaw lies in the SQL statement reader's !source/!load directives, which are designed to process external references but fail to adequately restrict destination URLs during runtime retrieval. This improper handling of remote references allows attackers to manipulate the CLI into establishing connections to arbitrary network locations, effectively bypassing normal network access controls and exposing internal systems to unauthorized access attempts.

The technical implementation of this vulnerability leverages the Snowflake CLI's command processing pipeline where SQL content containing crafted load directives can trigger outbound network requests without proper destination validation. When victims process attacker-controlled SQL content through vulnerable command paths, the system executes remote URL retrieval operations that can reach internal network resources typically protected by firewalls or other network segmentation controls. This creates an attack surface where malicious actors can enumerate internal systems, access sensitive data repositories, or even execute remote code within the context of the victim user's session permissions.

The operational impact of this vulnerability extends beyond simple information disclosure to encompass potential privilege escalation and lateral movement capabilities within compromised environments. Attackers exploiting this flaw can target internal network locations that are normally inaccessible from external networks, potentially gaining access to databases, file servers, or other sensitive infrastructure components. The severity is directly proportional to the privileges available to the victim session and the network configuration of the affected environment, making it particularly dangerous in enterprise settings where users may have elevated database access rights.

This vulnerability aligns with CWE-918 Server-Side Request Forgery and maps to ATT&CK technique T1071.004 Application Layer Protocol: DNS within the command and control category. The issue demonstrates how seemingly legitimate application features can be abused when proper input validation and destination restriction mechanisms are absent from the processing pipeline. Organizations should implement immediate mitigations including upgrading to Snowflake CLI version 3.19 or later, which introduces a configurable option to disable remote URL retrieval functionality entirely. Additionally, network segmentation controls, outbound firewall rules, and regular security audits of SQL content processing pipelines should be implemented to reduce the attack surface and prevent unauthorized access attempts through similar vulnerabilities in other applications.

The remediation approach requires organizations to conduct comprehensive vulnerability assessments across all Snowflake CLI installations, ensuring proper patch management protocols are followed while implementing additional layers of defense. Security teams should also establish monitoring procedures to detect unusual outbound network requests originating from database environments, particularly when these requests target internal or non-public network resources. The fix implemented in version 3.19 addresses the root cause by providing administrators with explicit control over remote reference handling, allowing them to disable potentially dangerous functionality based on their specific security requirements and risk tolerance levels.
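As an added example (not Snowflake's code and not the 3.19 fix), the audit of SQL content recommended above can be a pre-processing check that lists !source/!load directives pointing at remote URLs and classifies each destination before the file reaches the CLI. The directive line syntax, the internal-name suffix list and the function names are assumptions made for this sketch.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed directive form: "!source <target>;" or "!load <target>;" on its own line.
DIRECTIVE = re.compile(r"^\s*!(source|load)\s+(\S.*?)\s*;?\s*$", re.IGNORECASE)
INTERNAL_SUFFIXES = (".internal", ".local", ".localhost")  # assumed site policy

def classify_host(host):
    """Classify a URL host as 'internal' or 'external' without any DNS lookup."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.lower().rstrip(".")
        # Single-label names and integer-style hosts are treated as internal.
        if "." not in name or name.endswith(INTERNAL_SUFFIXES):
            return "internal"
        return "external"
    return "external" if ip.is_global else "internal"

def find_remote_refs(sql_text):
    """Return (line number, directive, url, verdict) for each remote reference."""
    findings = []
    for lineno, line in enumerate(sql_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        target = m.group(2).strip("'\"")
        try:
            parts = urlsplit(target)
        except ValueError:  # malformed URL: report it rather than skip it
            findings.append((lineno, m.group(1).lower(), target, "unparseable"))
            continue
        if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
            continue  # local file path, not a remote reference
        verdict = classify_host(parts.hostname)
        findings.append((lineno, m.group(1).lower(), target, verdict))
    return findings

# Constructed sample input, not taken from any real project.
SAMPLE_SQL = """\
select current_version();
!source ./local/setup.sql;
!source https://example.com/shared/init.sql;
!load http://127.0.0.1:8080/job.sql;
  !SOURCE 'http://10.0.0.5/admin.sql'
!load http://build-host/job.sql;
-- !source http://127.0.0.1/ignored.sql (comment, not a directive)
"""

if __name__ == "__main__":
    for finding in find_remote_refs(SAMPLE_SQL):
        print(finding)
```

The check looks only at the URL text, so a public-looking hostname that resolves to an internal address is still reported as external; outbound firewall rules remain the control for that case.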

Responsible: SNOWFLAKE

Reservation: 06/29/2026

Disclosure: 06/29/2026

Moderation: accepted

CPE: ready

EPSS: 0.00000

KEV: no

Activities: low

Sources
