CVE-2026-13752 in CLI
Summary
by MITRE • 06/29/2026
Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by supplying crafted values to vulnerable command paths, causing Snowflake CLI to execute unintended SQL in the context of the user’s Snowflake session. Successful exploitation required crafted values to reach vulnerable parameters, including through socially engineered input, malicious repository configuration, or compromised automation feeding external values into the CLI, and impact is limited by the privileges assigned to the active session. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 06/29/2026
This vulnerability represents a critical command injection flaw in the Snowflake command line interface that stems from inadequate input validation and parameter handling within the software's parsing mechanisms. The issue manifests when the CLI processes user-supplied arguments through vulnerable command paths where parameter values are not properly sanitized before being incorporated into SQL execution contexts. This weakness creates an environment where maliciously crafted inputs can bypass normal security controls and directly influence database operations, effectively allowing attackers to execute arbitrary SQL commands within the scope of the authenticated user's session permissions.
The technical exploitation of this vulnerability requires careful crafting of input parameters that can traverse multiple layers of the CLI's argument processing pipeline before reaching the vulnerable SQL execution points. Attackers typically need to gain access to the command line environment through social engineering tactics that trick users into executing malicious commands, or by compromising automated systems that feed external data into Snowflake CLI operations. The attack vector becomes particularly dangerous when considering that the vulnerability can be exploited through repository configuration manipulation or compromised automation workflows where external inputs are automatically processed without proper sanitization. This creates a scenario where even legitimate automation tools can become conduits for malicious SQL injection attacks when they pass untrusted data directly to vulnerable CLI functions.
The operational impact of this vulnerability extends beyond simple data theft or modification, as it fundamentally compromises the integrity and confidentiality of database operations within Snowflake environments. The severity is directly proportional to the privileges assigned to the active session performing the CLI operations, meaning that attackers with elevated permissions can cause extensive damage including unauthorized data access, modification, deletion, or even privilege escalation within the database environment. The vulnerability's exploitation is limited by the principle of least privilege but demonstrates a significant security gap in parameter handling that could be leveraged for lateral movement within database ecosystems or to establish persistent access patterns through carefully crafted attack chains.
Organizations must implement immediate remediation strategies including mandatory upgrade to Snowflake CLI version 3.19 which contains the necessary patches to address the parameter neutralization issues. The fix addresses the root cause by implementing proper input sanitization mechanisms that prevent malicious parameters from being processed through vulnerable execution paths, thereby breaking the attack chain that enables SQL injection. Security teams should also conduct comprehensive audits of automation workflows and repository configurations to identify potential exposure points where external inputs might be inadvertently passed to CLI operations without proper validation. Additionally, organizations should consider implementing additional monitoring controls around CLI usage patterns and establish security awareness training programs to reduce the risk of social engineering attacks that could lead to exploitation of this vulnerability. The fix aligns with common security practices outlined in CWE-77 and addresses attack techniques documented in the ATT&CK framework under command and control categories, specifically targeting the execution of arbitrary code through parameter manipulation.