Primary

Context

Snowflake Cortex Code CLI Improper Command Validation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed improper validation of bash commands, enabling subsequent commands to execute outside of a controlled environment. This issue could be exploited by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. The exploitation of this vulnerability is non-deterministic and depends on the model used.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of arbitrary code on the local device where the Snowflake Cortex Code CLI is running.

Remediation

Users of Snowflake Cortex Code CLI should update to version 1.0.25 or later. The update is automatically applied upon relaunch of the CLI.

Added: Apr 16, 2026, 7:44 PM

Updated: Apr 16, 2026, 7:44 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.8

remediation

0.0

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.8

remediation

0.0

relevance

6.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Snowflake Cortex Code CLI Improper Command Validation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating