Impact
The vulnerability arises because Dagster’s I/O managers for DuckDB, Snowflake, BigQuery, and DeltaLake build the SQL WHERE clauses for dynamic partitions with unchecked string interpolation. An attacker who holds the Add Dynamic Partitions permission can supply a specially crafted partition key that injects SQL into those clauses. The injected SQL is executed against the target database with the credentials the I/O manager uses, potentially allowing data exfiltration, modification, or deletion. The flaw is a classic SQL‑injection weakness classified as CWE‑89. The payload touches nothing in Dagster’s own codebase beyond the generated SQL, but it can compromise the underlying database completely, affecting the confidentiality, integrity, and availability of the data those databases hold.
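As an added illustration of the weakness described above (not Dagster's code), the following Python shows a WHERE clause built by string interpolation beside its parameterized form, plus an allowlist check on partition keys. The standard-library sqlite3 module stands in for DuckDB, and the table, function names and key format are assumptions constructed for the example.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample table standing in for a partitioned table; sqlite3
    # (standard library) substitutes for DuckDB so the example runs offline.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE events (partition_key TEXT, payload TEXT)")
    con.executemany("INSERT INTO events VALUES (?, ?)",
                    [("2024-01-01", "a"), ("2024-01-02", "b"), ("other", "c")])
    return con

def vulnerable_where(partition_key: str) -> str:
    # The weakness: the partition key is interpolated into the WHERE clause,
    # so any quote in the key becomes part of the SQL text itself.
    return f"SELECT payload FROM events WHERE partition_key = '{partition_key}'"

def vulnerable_query(con: sqlite3.Connection, partition_key: str):
    # Runs the interpolated statement. Returns rows, or None when the key broke
    # the SQL: proof that the key was parsed as code rather than treated as data.
    try:
        return [r[0] for r in con.execute(vulnerable_where(partition_key))]
    except sqlite3.Error:
        return None

def safe_query(con: sqlite3.Connection, partition_key: str) -> list:
    # Hardened form: the key is bound as a parameter and can only ever match
    # (or fail to match) a value, whatever characters it contains.
    sql = "SELECT payload FROM events WHERE partition_key = ?"
    return [r[0] for r in con.execute(sql, (partition_key,))]

# Defence in depth: the characters a dynamic partition key is allowed to use
# (an assumed format; adjust to the key scheme the deployment actually uses).
PARTITION_KEY_RE = re.compile(r"[A-Za-z0-9_.:\-]{1,128}")

def is_valid_partition_key(partition_key: str) -> bool:
    # Reject keys outside the allowlist before they reach any SQL builder.
    return PARTITION_KEY_RE.fullmatch(partition_key) is not None


if __name__ == "__main__":
    db = make_db()
    for key in ("2024-01-01", "it's"):
        print(key, "valid:", is_valid_partition_key(key),
              "interpolated:", vulnerable_query(db, key),
              "parameterized:", safe_query(db, key))
```

A key containing a single quote makes the interpolated statement fail to parse, which is the same property an attacker relies on; the parameterized query simply returns no rows for it.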
Affected Systems
Vulnerable products are Dagster Core versions earlier than 1.13.1 and Dagster libraries earlier than 0.29.1. The attack can only affect deployments that employ dynamic partitioning; pipelines that use static or time‑window partitions are not impacted. The affected components are the DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers integrated with Dagster.
Risk and Exploitability
The CVSS score of 8.3 indicates high severity. The EPSS score is not available, so current exploitation probability cannot be quantified. The vulnerability is not listed in CISA’s KEV catalog. An attacker must first obtain Add Dynamic Partitions permission within a Dagster deployment, then supply a malicious partition key value to trigger the injection. No additional environmental prerequisites are described, implying that the flaw can be exploited by any user with the appropriate permission. Once triggered, the injected SQL runs with the database credential configured for the specific I/O manager, which can lead to full database compromise.
OpenCVE Enrichment
Github GHSA