Snowflake Cortex Code CLI Sandbox Escape Vulnerability
The National Vulnerability Database (NVD) has reported a high-severity vulnerability, CVE-2026-6442, impacting Snowflake Cortex Code CLI versions prior to 1.0.25. This flaw, rated with a CVSS score of 8.3 (HIGH), stems from improper validation of bash commands, which could allow subsequent commands to execute outside the intended sandbox environment.
According to the NVD, an attacker could exploit this by embedding specially crafted commands within untrusted content, such as a malicious repository. This would trick the CLI agent into executing arbitrary code on the local device without user consent. While the exploitation is described as non-deterministic and model-dependent, the potential for arbitrary code execution is a serious concern. Fortunately, the fix for this issue is automatically applied upon relaunch of the CLI, requiring no manual user action.
What This Means For You
- If your organization utilizes Snowflake Cortex Code CLI, ensure all instances are updated to version 1.0.25 or newer. While the fix is automatic upon relaunch, it's crucial to verify that all deployments have indeed been restarted to apply the patch. This vulnerability represents a critical sandbox escape, meaning a bad actor could gain control outside the intended secure environment.
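The version check from the item above, written out as an added example (not code from Snowflake or the NVD entry). It assumes you have already collected the version string each running CLI instance reports. The inventory format and host names are constructed, and the collection command is left out because the page does not give it.

```python
import re

FIXED = (1, 0, 25)  # first fixed version named in the advisory

# Constructed sample inventory: (host, version string reported by the running CLI).
SAMPLE_INVENTORY = [
    ("dev-laptop-01", "1.0.25"),
    ("dev-laptop-02", "1.0.9"),       # sorts after "1.0.25" as a string, but is older
    ("ci-runner-07", "v1.0.24"),
    ("ci-runner-08", "1.1.0"),
    ("build-box-03", "unknown"),      # collection failed on this host
    ("dev-laptop-04", "1.0.25-rc1"),  # suffixed build of the fixed version
]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)([-+].+)?$")


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'review' for one reported version."""
    match = _VERSION_RE.match(version_text.strip())
    if match is None:
        return "review"  # unparsable: never assume a host is safe
    numeric = tuple(int(part) for part in match.group(1, 2, 3))
    suffix = match.group(4)
    if numeric < FIXED:
        return "vulnerable"
    if numeric == FIXED and suffix:
        # A pre-release or custom build of 1.0.25 may predate the fix.
        return "review"
    return "patched"


def audit(inventory):
    """Group hosts by status, preserving inventory order."""
    result = {"patched": [], "vulnerable": [], "review": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Comparing the numeric tuple rather than the raw string is what keeps `1.0.9` from being reported as newer than `1.0.25`. Hosts in the `review` group need a manual check before being counted as patched.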
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-6442 | RCE | Snowflake Cortex Code CLI versions prior to 1.0.25 |
| CVE-2026-6442 | Code Injection | Improper validation of bash commands |
| CVE-2026-6442 | RCE | Execution of arbitrary code outside the sandbox |