SQL Injection in Snowflake Spark Connector

CVE-2026-15183

Multiple input validation vulnerabilities in the Snowflake Spark Connector (spark-snowflake) versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or…

Vulnerability class: SQL Injection

Affected products

Weakness classification (CWE)

References