Description
Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generated Python code, causing Snowflake CLI to execute attacker-controlled code in the local context of the user running the CLI. Successful exploitation requires the victim to run the relevant bundling or deployment workflow against attacker-controlled project content, and any resulting code runs with the privileges of that local execution context. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.
Published: 2026-06-29
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization within the Snowpark annotation processor callback template in Snowflake CLI versions before 3.19 allows an attacker to supply crafted project content that is interpolated, without escaping or validation, into Python code the CLI generates. The CLI then executes that generated code during application bundling or deployment, so the injected statements run with the privileges of the user who launched the process, compromising the confidentiality, integrity and availability of that local execution context.
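To make the weakness class concrete, here is an added, self-contained Python illustration written for this page; it is not Snowflake CLI's own annotation-processor template. A hypothetical manifest field `handler` is spliced into a generated Python module; the template strings, the manifest values and the `pwned` marker are all constructed for the example. The vulnerable generator uses str.format, so a value containing a quote and a newline escapes the string literal and adds statements that run when the generated module is executed. The hardened generator validates the value against the shape the template expects (a dotted Python name) and emits it with repr(), so whatever the value contains it can only ever appear as a single string literal.

```python
import re

# Hypothetical manifest values, as a CLI might read them from a project file.
# The attacker controls the project; the victim runs the bundling step.
TRUSTED_MANIFEST = {"handler": "app.functions.hello"}
MALICIOUS_MANIFEST = {
    # Closes the string literal, injects a statement, then reopens a literal
    # so the generated module still parses.
    "handler": "x'\npwned = True\nname = 'x",
}

# Constructed templates: the generated module records the handler name and
# exposes a callback that returns it.
VULNERABLE_TEMPLATE = (
    "name = '{handler}'\n"
    "def callback():\n"
    "    return name\n"
)
HARDENED_TEMPLATE = (
    "name = {handler_literal}\n"
    "def callback():\n"
    "    return name\n"
)

# A handler must be a dotted Python name such as pkg.module.func.
# fullmatch (not search with $) so a trailing newline cannot slip past.
_DOTTED_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*")


def generate_vulnerable(manifest: dict) -> str:
    """CWE-94 pattern: the manifest value is pasted into the source verbatim."""
    return VULNERABLE_TEMPLATE.format(handler=manifest["handler"])


def generate_hardened(manifest: dict) -> str:
    """Reject values that are not a dotted name, then emit the value with
    repr() so that, whatever it contains, it is one string literal."""
    handler = manifest["handler"]
    if not isinstance(handler, str) or not _DOTTED_NAME.fullmatch(handler):
        raise ValueError(f"handler is not a dotted Python name: {handler!r}")
    return HARDENED_TEMPLATE.format(handler_literal=repr(handler))


def run_generated(source: str) -> dict:
    """Execute generated code in a fresh namespace, as a bundling step that
    imports its generated module would, and return that namespace."""
    namespace: dict = {}
    exec(compile(source, "<generated>", "exec"), namespace)
    return namespace


if __name__ == "__main__":
    attacked = run_generated(generate_vulnerable(MALICIOUS_MANIFEST))
    print("vulnerable generator ran injected statement:", attacked.get("pwned", False))
    safe = run_generated(generate_hardened(TRUSTED_MANIFEST))
    print("hardened generator, trusted input:", safe["callback"]())
    try:
        generate_hardened(MALICIOUS_MANIFEST)
    except ValueError as exc:
        print("hardened generator rejected crafted input:", exc)
```

The two defences are deliberately layered: the allow-list regex enforces the semantic contract (a handler is a dotted name), and repr() guarantees that even a value which somehow passes validation cannot change the syntactic role it was given in the template. Either alone would have prevented this particular payload; together they also cover template fields that legitimately accept free-form strings.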

Affected Systems

The affected product is Snowflake CLI, published by Snowflake. All installations prior to version 3.19 are vulnerable; the fix ships in version 3.19 and later.

Risk and Exploitability

The CVSS v3.1 base score is 8.8 (High), with vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: the attacker needs no privileges and can deliver the crafted project content remotely (for example in a repository the victim clones), but exploitation requires user interaction, since the victim must run the affected bundling or deployment workflow against that content. No EPSS score is currently available, so the probability of exploitation in the wild is unknown, and the vulnerability is not listed in CISA KEV. Successful exploitation executes arbitrary code with the privileges of the local user running Snowflake CLI, including whatever credentials and configuration that execution context holds.

Generated by OpenCVE AI on June 29, 2026 at 17:21 UTC.

Remediation

Vendor fix: upgrade to Snowflake CLI 3.19 or later. The upgrade is not automatic and must be performed manually. No workaround is documented; until upgraded, do not run bundling or deployment workflows against project content from untrusted sources.

OpenCVE Recommended Actions

  • Upgrade Snowflake CLI to version 3.19 or later
  • Audit and quarantine any project content that may contain unsafe user-generated code before bundling or deployment
  • Enforce strict access controls and separate deployment environments to limit the scope of potential code execution

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 16:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying crafted project content that is interpolated into generated Python code, causing Snowflake CLI to execute attacker-controlled code in the local context of the user running the CLI. Successful exploitation requires the victim to run the relevant bundling or deployment workflow against attacker-controlled project content, and any resulting code runs with the privileges of that local execution context. The fix is available in Snowflake CLI version 3.19, and users must manually upgrade.

Type: Title
Values Removed: (none)
Values Added: Snowflake CLI Arbitrary Code Execution via Snowpark Annotation Processor Template Injection

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-94

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: SNOWFLAKE

Published:

Updated: 2026-06-29T16:19:21.911Z

Reserved: 2026-06-29T15:59:04.347Z

Link: CVE-2026-13749

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T17:30:06Z

Weaknesses
  • CWE-94

    Improper Control of Generation of Code ('Code Injection')