PT-2026-57988 · Snowflake · Snowflake Spark Connector
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-15183
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Snowflake Spark Connector (spark-snowflake) versions prior to 3.2.1
Description
Multiple input validation issues allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL using the connector's Snowflake role, or redirect COPY operations to storage controlled by the attacker. Exploitation can occur by providing a crafted OAuth token request URL, placing malicious files in an ingestion pipeline, or injecting SQL via staging options in a shared Spark environment. Additionally, issuing runtime SET commands in a shared Spark-SQL session can inject arbitrary SQL into the
SnowflakeFallbackCatalog option map, which then executes using the cluster admin's JDBC credentials. This may lead to credential theft, unauthorized access to Snowflake account data, or privilege escalation within the connected infrastructure.Recommendations
Update Snowflake Spark Connector (spark-snowflake) to version 3.2.1 or later.
Fix
SQL injection
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Snowflake Spark Connector