{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6442", "assignerOrgId": "412d305a-227d-44f9-a262-a31ba44f2aea", "state": "PUBLISHED", "assignerShortName": "SNOWFLAKE", "dateReserved": "2026-04-16T18:21:41.495Z", "datePublished": "2026-04-16T18:43:21.181Z", "dateUpdated": "2026-04-16T18:54:58.366Z"}, "containers": {"cna": {"title": "Improper Command Detection Logic Allows RCE in Cortex Code Command-Line Interface", "descriptions": [{"lang": "en", "value": "Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required."}], "affected": [{"vendor": "Snowflake", "product": "Cortex Code CLI", "versions": [{"version": "<1.0.25", "versionType": "custom", "status": "affected"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1286", "description": "Improper Validation of Syntactic Correctness of Input", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}}], "references": [{"url": "https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response"}, {"url": "https://www.promptarmor.com/"}], "credits": [{"lang": "en", "value": "PromptArmor"}], "providerMetadata": {"orgId": "412d305a-227d-44f9-a262-a31ba44f2aea", "shortName": "SNOWFLAKE", "dateUpdated": "2026-04-16T18:43:21.181Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-16T18:54:18.323183Z", "id": "CVE-2026-6442", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T18:54:58.366Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6442", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-16T18:54:18.323183Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-16T18:54:48.389Z"}}], "cna": {"title": "Improper Command Detection Logic Allows RCE in Cortex Code Command-Line Interface", "credits": [{"lang": "en", "value": "PromptArmor"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Snowflake", "product": "Cortex Code CLI", "versions": [{"status": "affected", "version": "<1.0.25", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response"}, {"url": "https://www.promptarmor.com/"}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1286", "description": "Improper Validation of Syntactic Correctness of Input"}]}], "providerMetadata": {"orgId": "412d305a-227d-44f9-a262-a31ba44f2aea", "shortName": "SNOWFLAKE", "dateUpdated": "2026-04-16T18:43:21.181Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6442", "state": "PUBLISHED", "dateUpdated": "2026-04-16T18:54:58.366Z", "dateReserved": "2026-04-16T18:21:41.495Z", "assignerOrgId": "412d305a-227d-44f9-a262-a31ba44f2aea", "datePublished": "2026-04-16T18:43:21.181Z", "assignerShortName": "SNOWFLAKE"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required."}], "id": "CVE-2026-6442", "lastModified": "2026-04-17T15:38:09.243", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 6.0, "source": "412d305a-227d-44f9-a262-a31ba44f2aea", "type": "Secondary"}]}, "published": "2026-04-16T19:16:35.560", "references": [{"source": "412d305a-227d-44f9-a262-a31ba44f2aea", "url": "https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response"}, {"source": "412d305a-227d-44f9-a262-a31ba44f2aea", "url": "https://www.promptarmor.com/"}], "sourceIdentifier": "412d305a-227d-44f9-a262-a31ba44f2aea", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1286"}], "source": "412d305a-227d-44f9-a262-a31ba44f2aea", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.25)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Cortex Code CLI", "source": "cna", "vendor": "Snowflake"}, "product": "cortex_code_cli", "vendor": "snowflake"}], "analysis": {"en": {"generated_at": "2026-04-17T02:28:38.704947+00:00", "value": {"mitigation_remediation": ["Upgrade Snowflake Cortex Code CLI to version 1.0.25 or later to apply the automatic fix", "If an upgrade cannot be performed immediately, isolate the CLI environment and restrict it to trusted repositories only, enforcing strict content scanning", "Monitor system logs for unexpected command execution and audit activity for signs of exploitation attempts"], "summary": {"action": "Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Snowflake Cortex Code CLI versions prior to 1.0.25 are affected; any installation that processes untrusted repositories or content can be impacted. No specific operating system is singled out, so all platforms supported by the CLI are potentially vulnerable.", "description_and_impact": "The vulnerability arises from improper validation of bash commands in the Snowflake Cortex Code Command\u2011Line Interface, allowing subsequent commands to be executed outside the intended sandbox. This flaw, identified as CWE\u20111286, enables an attacker to embed specially crafted commands in untrusted content such as a malicious repository, leading to arbitrary code execution on the local device without user consent. The impact is a compromise of confidentiality, integrity, and availability of the affected system.", "risk_and_exploitability": "The CVSS score of 8.3 signals high severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed active exploitation. The likely attack vector, inferred from the description, involves submitting malicious content through a repository that the CLI consumes; the exploitation is non\u2011deterministic and model\u2011dependent. While the risk window may be limited, the potential damage remains significant and requires prompt remediation."}}}}, "created": "2026-04-17T02:30:07.318970+00:00", "updated": "2026-04-17T08:01:28.434996+00:00", "vendors": ["snowflake", "snowflake$PRODUCT$cortex_code_cli"]}