PT-2026-60425 · Snowflake · Snowflake Connector For Python

CVE-2026-15925

·

Published

2026-07-16

·

Updated

2026-07-16

CVSS v4.0

9.2

Critical

VectorAV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions Snowflake Connector for Python versions prior to 4.7.1 Snowflake Connector for Python versions prior to 3.18.1
Description Improper TLS hostname verification allows a network-positioned attacker to bypass certificate hostname validation on HTTPS connections. An attacker with on-path network access can intercept or redirect traffic and present a certificate signed by any trusted CA for any domain, leading the connector to accept the connection without verifying if the certificate matches the requested hostname. This requires on-path traffic interception capabilities such as ARP/DNS poisoning, rogue access points, BGP hijacking, or malicious proxies. This issue may expose credentials, query data, and staged file contents to interception and tampering, and could allow the attacker to execute arbitrary SQL within the victim's connector session, limited by the privileges of the affected Snowflake role.
Recommendations Upgrade to version 4.7.1. Upgrade to version 3.18.1.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-15925

Affected Products

Snowflake Connector For Python