CVE-2026-13751
CVE-2026-13751 is a medium-severity vulnerability in Snowflake Snowflake Cli with a CVSS 3.x base score of 4.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-829.
Key facts
- Severity: Medium (CVSS 3.x base score 4.1)
- EPSS exploit prediction: 0% (2nd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-829
- Affected product: Snowflake Snowflake Cli
- Published:
- Last modified:
Description
Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. By supplying crafted SQL content processed through a vulnerable command path, an attacker could cause the victim's environment to issue unintended outbound requests to internal or otherwise non-public network locations, and could cause remote SQL content to be retrieved and executed in the context of the victim user's session. Successful exploitation requires the victim to process attacker-controlled content through a vulnerable command path and is limited by the privileges available to that session and environment. The fix is available in Snowflake CLI version 3.19, which adds an option to disable remote URL retrieval.
Frequently asked questions
- What is CVE-2026-13751?
- Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. By supplying crafted SQL content processed through a vulnerable command path, an attacker could cause the victim's environment to issue unintended outbound requests to internal or otherwise non-public network locations, and could cause remote SQL content to be retrieved and executed in the context of the victim user's session. Successful exploitation requires the victim to process attacker-controlled content through a vulnerable command path and is limited by the privileges available to that session and environment. The fix is available in Snowflake CLI version 3.19, which adds an option to disable remote URL retrieval.
- How severe is CVE-2026-13751?
- CVE-2026-13751 has a CVSS 3.x base score of 4.1, rated medium severity. It is exploitable over local access with high attack complexity, requires no privileges and user interaction. Impact on confidentiality is low, integrity low, and availability none.
- Is CVE-2026-13751 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (2nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-13751?
- CVE-2026-13751 affects Snowflake Snowflake Cli. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-13751?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2026-13751 published?
- CVE-2026-13751 was published on 2026-06-29 and last updated on 2026-06-30.
References
Affected products (1)
- cpe:2.3:a:snowflake:snowflake_cli:*:*:*:*:*:*:*:*
More vulnerabilities in Snowflake Snowflake Cli
- CVE-2026-13749 — High (CVSS 8.8): Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19…
- CVE-2026-13744 — High (CVSS 8.3): Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL…
- CVE-2026-13748 — Medium (CVSS 6.3): Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file…
- CVE-2026-13752 — Medium (CVSS 6.0): Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An…
- CVE-2026-13750 — Medium (CVSS 5.5): Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials…
- CVE-2026-13746 — Low (CVSS 3.6): Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL…
All CVEs affecting Snowflake Snowflake Cli →
Other CWE-829 vulnerabilities
- CVE-2026-1699 — Critical (CVSS 10.0): In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used…
- CVE-2025-70974 — Critical (CVSS 10.0): Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key…
- CVE-2025-0982 — Critical (CVSS 10.0): Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute…
- CVE-2021-41037 — Critical (CVSS 10.0): In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via…
- CVE-2022-1161 — Critical (CVSS 10.0): An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix,…
- CVE-2020-4561 — Critical (CVSS 10.0): IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This…