CVE-2026-15067
Snowflake · Terraform Provider for Snowflake
The Snowflake Terraform Provider is vulnerable to SQL Injection, allowing authenticated attackers to execute arbitrary SQL commands via improper input neutralization.
Executive summary
An authenticated SQL injection vulnerability in the Snowflake Terraform Provider poses a significant risk of unauthorized data access and total system compromise.
Vulnerability
This vulnerability is a classic SQL Injection (CWE-89) flaw where special elements in SQL commands are not properly neutralized. An authenticated attacker can leverage this to manipulate database queries, potentially leading to unauthorized data exfiltration or modification.
Business impact
The exploitation of this vulnerability can result in a total compromise of the database environment, including unauthorized access to sensitive business data and potential administrative control over the Snowflake instance. Given the CVSS score of 8.8, this is a high-severity issue that could lead to severe regulatory non-compliance and reputational damage.
Remediation
Immediate Action: Upgrade to version 2.18.0 or later of the Snowflake Terraform Provider immediately to incorporate the necessary input sanitization.
Proactive Monitoring: Review database access logs for unusual query patterns, particularly those involving unexpected syntax or unauthorized object access attempts.
Compensating Controls: Ensure that the database service account used by Terraform follows the principle of least privilege, restricting its permissions to only those strictly necessary for infrastructure management.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The high CVSS score reflects the critical nature of SQL injection flaws in infrastructure-as-code tools. Organizations must prioritize upgrading their Terraform provider versions to mitigate the risk of unauthorized database access and maintain the integrity of their cloud infrastructure.