CVE-2026-3293 in snowflake-jdbc
Summary
by MITRE • 02/27/2026
A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can lead to inefficient regular expression complexity. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 5fb0a8a318a2ed87f4022a1f56e742424ba94052. A patch should be applied to remediate this issue.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 03/03/2026
The vulnerability identified in snowflakedb snowflake-jdbc version 4.0.1 represents a significant security concern within the JDBC URL Handler component, specifically within the SdkProxyRoutePlanner.java file. This weakness manifests as an inefficient regular expression complexity issue that can be exploited through manipulation of the nonProxyHosts argument. The vulnerability is classified as a local attack vector, meaning that exploitation requires access to the local system where the JDBC driver is installed and running. The presence of a publicly available exploit further amplifies the risk, as malicious actors can readily leverage this vulnerability without requiring remote access to the target system.
The technical flaw resides in the implementation of the SdkProxyRoutePlanner class which handles proxy routing decisions for database connections. When the nonProxyHosts parameter is manipulated, the regular expression processing becomes computationally expensive, potentially leading to denial of service conditions or performance degradation. This issue falls under the category of regular expression denial of service (ReDoS) vulnerabilities, which are commonly categorized under CWE-1321. The specific implementation flaw involves how the JDBC driver processes proxy host configurations, where improper handling of regular expressions can create exponential time complexity during pattern matching operations. The vulnerability demonstrates poor input validation and sanitization practices in the URL handler component, which is critical for database connectivity and security.
The operational impact of this vulnerability extends beyond simple performance degradation to potentially compromise system availability and integrity. When exploited, the inefficient regular expression processing can cause the JDBC driver to consume excessive computational resources, leading to application slowdowns or complete service unavailability. This is particularly concerning in enterprise environments where database connectivity is critical for business operations. The local execution requirement does not diminish the threat level significantly, as local privilege escalation attacks or compromised local accounts can provide attackers with the necessary access to exploit this vulnerability. Organizations using the affected snowflake-jdbc versions may experience service disruptions and potential data access delays, especially in high-traffic scenarios where proxy routing decisions are frequently processed.
Mitigation efforts should focus on immediate patch application as indicated by the provided patch identifier 5fb0a8a318a2ed87f4022a1f56e742424ba94052. System administrators should prioritize updating all instances of the snowflake-jdbc driver to versions that contain the remediation for this vulnerability. Additionally, organizations should implement monitoring for unusual CPU consumption patterns or performance degradation that might indicate exploitation attempts. Network segmentation and access controls should be reviewed to limit local system access where possible, reducing the attack surface for local exploitation. The vulnerability also highlights the importance of proper input validation and regular expression design practices, aligning with ATT&CK technique T1059.007 for command and scripting interpreter and T1499.004 for network disruption. Organizations should consider implementing automated patch management processes to ensure timely remediation of similar vulnerabilities in database connectivity components. Security teams should also conduct thorough testing of patched environments to ensure that the remediation does not introduce compatibility issues with existing database connection configurations.