CVE-2026-6442 - Vulnerability Details

- Improper Command Detection Logic Allows RCE in Cortex Code Command-Line Interface

Description

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required.

Published: 2026-04-16

Score: 8.3 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from improper validation of bash commands in the Snowflake Cortex Code Command‑Line Interface, allowing subsequent commands to be executed outside the intended sandbox. This flaw, identified as CWE‑1286, enables an attacker to embed specially crafted commands in untrusted content such as a malicious repository, leading to arbitrary code execution on the local device without user consent. The impact is a compromise of confidentiality, integrity, and availability of the affected system.

Affected Systems

Snowflake Cortex Code CLI versions prior to 1.0.25 are affected; any installation that processes untrusted repositories or content can be impacted. No specific operating system is singled out, so all platforms supported by the CLI are potentially vulnerable.

Risk and Exploitability

The CVSS score of 8.3 signals high severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed active exploitation. The likely attack vector, inferred from the description, involves submitting malicious content through a repository that the CLI consumes; the exploitation is non‑deterministic and model‑dependent. While the risk window may be limited, the potential damage remains significant and requires prompt remediation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Snowflake

Cortex Code CLI

unaffected

Version	Status	Constraints
`<1.0.25`	affected	—

No data.

Vendor Product Confidence Versions

Snowflake

Cortex Code Cli

100%

Version	Status	Scheme	Platform
`[0,1.0.25)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Snowflake Cortex Code CLI to version 1.0.25 or later to apply the automatic fix
If an upgrade cannot be performed immediately, isolate the CLI environment and restrict it to trusted repositories only, enforcing strict content scanning
Monitor system logs for unexpected command execution and audit activity for signs of exploitation attempts

Generated by OpenCVE AI on April 17, 2026 at 02:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00081.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response
https://www.promptarmor.com/

History

Fri, 17 Apr 2026 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Snowflake Snowflake cortex Code Cli
Vendors & Products		Snowflake Snowflake cortex Code Cli

Thu, 16 Apr 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 16 Apr 2026 19:00:00 +0000

Type	Values Removed	Values Added
Description		Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required.
Title		Improper Command Detection Logic Allows RCE in Cortex Code Command-Line Interface
Weaknesses		CWE-1286
References		https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response https://www.promptarmor.com/
Metrics		cvssV3_1 `{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H'}`

Subscriptions

Snowflake Cortex Code Cli

MITRE

Status: PUBLISHED

Assigner: SNOWFLAKE

Published: 2026-04-16T18:43:21.181Z

Updated: 2026-04-16T18:54:58.366Z

Reserved: 2026-04-16T18:21:41.495Z

Link: CVE-2026-6442

Vulnrichment

Updated: 2026-04-16T18:54:48.389Z

NVD

Status : Awaiting Analysis

Published: 2026-04-16T19:16:35.560

Modified: 2026-04-17T15:38:09.243

Link: CVE-2026-6442

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T08:01:28Z

Weaknesses

CWE-1286

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object