PT-2026-57988 · Snowflake · Snowflake Spark Connector

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-15183

CVSS v4.0

9.2

Critical

VectorAV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions Snowflake Spark Connector (spark-snowflake) versions prior to 3.2.1
Description Multiple input validation issues allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL using the connector's Snowflake role, or redirect COPY operations to storage controlled by the attacker. Exploitation can occur by providing a crafted OAuth token request URL, placing malicious files in an ingestion pipeline, or injecting SQL via staging options in a shared Spark environment. Additionally, issuing runtime SET commands in a shared Spark-SQL session can inject arbitrary SQL into the SnowflakeFallbackCatalog option map, which then executes using the cluster admin's JDBC credentials. This may lead to credential theft, unauthorized access to Snowflake account data, or privilege escalation within the connected infrastructure.
Recommendations Update Snowflake Spark Connector (spark-snowflake) to version 3.2.1 or later.

Fix

SQL injection

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15183

Affected Products

Snowflake Spark Connector