CVE-2026-3293

Name of the Vulnerable Software and Affected Versions snowflakedb snowflake-jdbc versions up to 4.0.1

Description A weakness exists in the SdkProxyRoutePlanner function within the JDBC URL Handler component of snowflakedb snowflake-jdbc. Manipulation of the nonProxyHosts argument can lead to inefficient regular expression complexity. This issue is locally exploitable and the exploit has been publicly released. The vulnerable code is located in the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java.

Recommendations Apply patch 5fb0a8a318a2ed87f4022a1f56e742424ba94052.