CVE-2026-13748

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19

Description Improper restriction of file path resolution allows arbitrary local file content to be read and transmitted to Snowflake services. An attacker can exploit this by providing crafted repository or project content that references files outside the intended project boundary. This causes the CLI to read local files and upload or embed their contents during SQL template processing or deployment. Successful exploitation requires the victim to process attacker-controlled project content, and the retrieval of exfiltrated data depends on access to the victim's Snowflake account artifacts, such as uploaded stage content or query history.

Recommendations Upgrade to Snowflake CLI version 3.19.