PT-2026-33357 · Snowflake · Cortex Code Cli

Promptarmor · Published 2026-04-16 · Updated 2026-04-22 · CVE-2026-6442

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Snowflake Cortex Code CLI versions prior to 1.0.25

Description

Improper validation of bash commands allows subsequent commands to execute outside the sandbox. An attacker can embed specially crafted commands in untrusted content, such as a malicious repository, leading to arbitrary code execution on the local device without user consent. This process is non-deterministic and depends on the model used.

Recommendations

Update to version 1.0.25 or later. The fix is automatically applied upon relaunching the application.

Fix

Weakness Enumeration

Related Identifiers

CVE-2026-6442

Affected Products

Cortex Code Cli