What is CVE-2026-13749?

CVE-2026-13749 is a high-severity vulnerability in Snowflake Cli, classified under Code Injection. CVSS score: 8.8/10. Published 2026-06-29.

How severe is CVE-2026-13749?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Snowflake Cli

CVE-2026-13749

Improper neutralization in the Snowpark annotation processor callback template in Snowflake CLI versions prior to 3.19 allowed arbitrary code execution during application bundling or deployment. An attacker could exploit this by supplying…

Vulnerability class: RCE (Remote Code Execution)

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Snowflake Cli — versions 2.4.0

Weakness classification (CWE)

CWE-94 — Code Injection

References

412d305a-227d-44f9-a262-a31ba44f2aea

Frequently asked questions

What is CVE-2026-13749?: CVE-2026-13749 is a high-severity vulnerability in Snowflake Cli, classified under Code Injection. CVSS score: 8.8/10. Published 2026-06-29.
How severe is CVE-2026-13749?: High severity. CVSS v3 base score is 8.8 out of 10.