PT-2026-56459 · Snowflake · Snowpark-Python
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-15062
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
snowpark-python versions prior to 1.53.0
Description
Authenticated low-privilege users can execute SQL commands beyond their authorization scope due to improper input validation and escaping of attacker-controlled identifiers and parameters. This issue can be exploited by embedding SQL payloads in source database column names to escalate privileges via the
DataFrameReader.dbapi() API. Additionally, attackers can supply a specially crafted location parameter to DataFrameWriter write methods to redirect a COPY INTO operation to an arbitrary source query, or use a backslash-single-quote sequence in an export path to bypass the normalize path() sanitizer and inject SQL via DataFrame.to csv(). Successful exploitation may lead to source database compromise, unauthorized cross-tenant data exfiltration, or unauthorized reading of Snowflake account data.Recommendations
Update to version 1.53.0.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snowpark-Python