CVE-2026-13748

Path Traversal Vulnerability in Snowflake CLI

Vulnerability report for CVE-2026-13748, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: 412d305a-227d-44f9-a262-a31ba44f2aea

Description

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended project boundary, causing Snowflake CLI to read local files and upload or embed their contents during deployment or SQL template processing. Successful exploitation required the victim to process attacker-controlled project content, and retrieval of exfiltrated data depended on access to the victim's Snowflake account artifacts such as query history or uploaded stage content. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.



Affected Vendors & Products

Vendor: snowflake
Product: snowflake_cli
Version range: all versions before 3.19 (3.19 itself is not affected)

CWE

CWE-73: The product allows user input to control or influence paths or file names that are used in filesystem operations.
CWE-61: The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
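The three weaknesses above describe the same root cause from the description: a file reference taken from project content is resolved without checking that the result stays inside the project directory. The following is an added example, not code from Snowflake CLI and not the fix shipped in 3.19 (which this record does not show). It assumes a hypothetical helper, resolve_within_project, that a deployment or template tool could call before reading any file named in project content. It resolves the path with symlinks followed, so it rejects "../" traversal (CWE-22), absolute paths outside the root (CWE-73) and symlinks inside the project that point outside it (CWE-61). The project layout it tests against is constructed in a temporary directory.

```python
import os
import tempfile
from pathlib import Path


class PathOutsideProjectError(ValueError):
    """Raised when a referenced file resolves outside the project root."""


def resolve_within_project(project_root, candidate):
    """Return the real path of `candidate` only if it stays inside `project_root`.

    Hypothetical helper (not Snowflake CLI's own API). `candidate` is taken
    relative to the project root; an absolute candidate is accepted only if it
    still lands inside the root. Both sides are resolved with symlinks
    followed, so a symlink inside the project that points outside it is
    rejected (CWE-61), not just ".." segments (CWE-22).
    """
    root = Path(project_root).resolve(strict=True)
    # Join first, then resolve: resolution collapses "..", normalises separators
    # and follows symlinks, giving the path the OS would actually open.
    target = (root / candidate).resolve(strict=False)
    try:
        target.relative_to(root)
    except ValueError:
        raise PathOutsideProjectError(
            f"{candidate!r} resolves to {target}, outside project root {root}"
        ) from None
    return target


def read_project_file(project_root, candidate):
    """Read a project-relative file, refusing anything outside the root."""
    return resolve_within_project(project_root, candidate).read_text()


def demo():
    """Build a constructed project layout in a temp dir and exercise the check.

    Returns a dict mapping each candidate reference to the content it yielded
    or the string 'rejected'.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        outside = tmp / "outside"
        outside.mkdir()
        (outside / "secret.txt").write_text("SECRET")  # constructed sensitive file
        root = tmp / "project"
        (root / "sql").mkdir(parents=True)
        (root / "sql" / "query.sql").write_text("SELECT 1;")  # constructed project file
        # A symlink inside the project pointing at the outside file (CWE-61 case).
        try:
            (root / "link.txt").symlink_to(outside / "secret.txt")
        except (OSError, NotImplementedError):
            pass  # platforms without symlink support skip that case

        candidates = [
            "sql/query.sql",                 # legitimate reference
            "../outside/secret.txt",         # classic traversal (CWE-22)
            "sql/../../outside/secret.txt",  # traversal hidden behind a valid prefix
            str(outside / "secret.txt"),     # absolute path outside the root (CWE-73)
            "link.txt",                      # symlink escaping the root (CWE-61)
        ]
        for cand in candidates:
            try:
                results[cand] = read_project_file(root, cand)
            except (PathOutsideProjectError, FileNotFoundError):
                results[cand] = "rejected"
    return results


if __name__ == "__main__":
    for ref, outcome in demo().items():
        print(f"{ref!r}: {outcome}")
```

The check is done on the fully resolved path rather than on the string the project content supplied: comparing strings (for example refusing anything containing "..") misses absolute paths and symlinks, which is exactly the gap CWE-73 and CWE-61 describe. Only the legitimate project-relative reference yields content; every other candidate is rejected before any file is read or uploaded.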

Executive Summary

This vulnerability is an improper restriction of file path resolution in Snowflake CLI versions prior to 3.19. It allows an attacker to cause the Snowflake CLI to read arbitrary local files outside the intended project boundaries by supplying specially crafted repository or project content. This means that when the victim processes attacker-controlled project content, the CLI may read and transmit local file contents to Snowflake services during deployment or SQL template processing.

Compliance Impact

This vulnerability allows arbitrary local file content to be read and transmitted to Snowflake services without proper restriction, potentially exposing sensitive data.

If exploited, it could lead to unauthorized disclosure of personal or sensitive information, which may impact compliance with data protection regulations such as GDPR or HIPAA.

Organizations using affected versions of Snowflake CLI should upgrade to version 3.19 to mitigate the risk and help maintain compliance with these standards.

Impact Analysis

The impact of this vulnerability is that an attacker can exfiltrate sensitive local file contents from the victim's machine by tricking them into processing malicious project content. The attacker can then access this exfiltrated data if they have access to the victim's Snowflake account artifacts such as query history or uploaded stage content. This could lead to unauthorized disclosure of sensitive information.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade the Snowflake CLI to version 3.19 or later, where the issue has been fixed.

Additionally, avoid processing attacker-controlled project content that could exploit the file path resolution flaw.
