What is CVE-2026-13748?

CVE-2026-13748 is a medium-severity vulnerability in Snowflake Cli, classified under Path Traversal. CVSS score: 6.3/10. Published 2026-06-29.

How severe is CVE-2026-13748?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Path Traversal in Snowflake Cli

CVE-2026-13748

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or p…

Vulnerability class: Path Traversal (Directory Traversal)

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N.

Affected products

Snowflake Cli — versions 0.2.2

Weakness classification (CWE)

CWE-22 — Path Traversal
CWE-61 — UNIX Symbolic Link (Symlink) Following
CWE-73 — External Control of File Name or Path

References

412d305a-227d-44f9-a262-a31ba44f2aea

Frequently asked questions

What is CVE-2026-13748?: CVE-2026-13748 is a medium-severity vulnerability in Snowflake Cli, classified under Path Traversal. CVSS score: 6.3/10. Published 2026-06-29.
How severe is CVE-2026-13748?: Medium severity. CVSS v3 base score is 6.3 out of 10.