{"api_version":"1","generated_at":"2026-07-08T18:26:22+00:00","cve":"CVE-2026-15067","urls":{"html":"https://cve.report/CVE-2026-15067","api":"https://cve.report/api/cve/CVE-2026-15067.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-15067","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-15067"},"summary":{"title":"Multiple Security Vulnerabilities in Terraform Provider for Snowflake Could Allow Privilege Escalation and Unauthorized Snowflake Account Takeover","description":"Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration and minting of long-lived access credentials. Exploitation requires the ability for an attacker to  influence a workspace variable in a pipeline where this data source was enabled. Improper neutralization of identifier content in user resource inputs could allow DDL injection into user management statements, potentially causing accounts to be created with attacker-controlled credentials and without the  security controls configured by the operator. The fix is available in Snowflake Terraform Provider version 2.18.0. Users must manually upgrade.","state":"PUBLISHED","assigner":"SNOWFLAKE","published_at":"2026-07-08 15:16:26","updated_at":"2026-07-08 16:16:27"},"problem_types":["CWE-89","CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":[{"version":"3.1","source":"412d305a-227d-44f9-a262-a31ba44f2aea","type":"Secondary","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.8","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://github.com/snowflakedb/terraform-provider-snowflake/releases","name":"https://github.com/snowflakedb/terraform-provider-snowflake/releases","refsource":"412d305a-227d-44f9-a262-a31ba44f2aea","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-15067","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-15067","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Snowflake","product":"Terraform Provider for Snowflake","version":"affected 0.1.0 2.18.0 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-15067","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-07-08T15:19:10.711645Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-07-08T15:19:35.970Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Terraform Provider for Snowflake","vendor":"Snowflake","versions":[{"lessThan":"2.18.0","status":"affected","version":"0.1.0","versionType":"semver"}]}],"descriptions":[{"lang":"en","value":"Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration and minting of long-lived access credentials. Exploitation requires the ability for an attacker to  influence a workspace variable in a pipeline where this data source was enabled. Improper neutralization of identifier content in user resource inputs could allow DDL injection into user management statements, potentially causing accounts to be created with attacker-controlled credentials and without the  security controls configured by the operator. The fix is available in Snowflake Terraform Provider version 2.18.0. Users must manually upgrade."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-08T14:43:32.006Z","orgId":"412d305a-227d-44f9-a262-a31ba44f2aea","shortName":"SNOWFLAKE"},"references":[{"name":"Snowflake Terraform Provider Release Notes","url":"https://github.com/snowflakedb/terraform-provider-snowflake/releases"}],"title":"Multiple Security Vulnerabilities in Terraform Provider for Snowflake Could Allow Privilege Escalation and Unauthorized Snowflake Account Takeover","x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"412d305a-227d-44f9-a262-a31ba44f2aea","assignerShortName":"SNOWFLAKE","cveId":"CVE-2026-15067","datePublished":"2026-07-08T14:43:32.006Z","dateReserved":"2026-07-08T14:39:47.802Z","dateUpdated":"2026-07-08T15:19:35.970Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-08 15:16:26","lastModifiedDate":"2026-07-08 16:16:27","problem_types":["CWE-89","CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"metrics":{"cvssMetricV31":[{"source":"412d305a-227d-44f9-a262-a31ba44f2aea","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-08T15:19:10.711645Z","id":"CVE-2026-15067","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"15067","Ordinal":"1","Title":"Multiple Security Vulnerabilities in Terraform Provider for Snow","CVE":"CVE-2026-15067","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"15067","Ordinal":"1","NoteData":"Snowflake Terraform Provider versions prior to 2.18.0 contain several security vulnerabilities, including SQL injection via an unsanitized data source input could result in arbitrary SQL execution under the provider's privileged Snowflake session, potentially enabling sensitive data exfiltration and minting of long-lived access credentials. Exploitation requires the ability for an attacker to  influence a workspace variable in a pipeline where this data source was enabled. Improper neutralization of identifier content in user resource inputs could allow DDL injection into user management statements, potentially causing accounts to be created with attacker-controlled credentials and without the  security controls configured by the operator. The fix is available in Snowflake Terraform Provider version 2.18.0. Users must manually upgrade.","Type":"Description","Title":"Multiple Security Vulnerabilities in Terraform Provider for Snow"}]}}}