CVE-2026-6442

Published: Apr 16, 2026 Last Modified: Apr 16, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,3

Source: 412d305a-227d-44f9-a262-a31ba44f2aea

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required.

1286

Improper Validation of Syntactic Correctness of Input

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Other

Potential Impacts:

Varies By Context

Applicable Platforms

All platforms may be affected

View CWE Details

https://community.snowflake.com/s/article/PromptArmor-Repor…

https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Respon…

https://www.promptarmor.com/

CVE-2026-6442

Description

Improper Validation of Syntactic Correctness of Input

Common Consequences

Applicable Platforms

Iscriviti alla newsletter