Cyber Posture

CVE-2026-6442 (High)

Published: 16 April 2026
Modified: 17 April 2026
KEV Added: not listed
Patch: available
CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0008 (23.6th percentile)
Risk Priority: 17 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-6442 is a high-severity Improper Validation of Syntactic Correctness of Input (CWE-1286) vulnerability in Snowflake Cortex Code CLI (inferred from references). Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004). The vulnerability is ranked at the 23.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Unix Shell (T1059.004) and one other technique, Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 (Information Input Validation), prevent: directly requires validation of inputs such as bash commands, addressing the improper validation that allows execution outside the sandbox.

SC-39 (Process Isolation), prevent: enforces process isolation to maintain the CLI agent's sandbox integrity, blocking breakout and arbitrary code execution triggered by untrusted content.

Flaw remediation, prevent: mandates timely flaw remediation, such as updating to Snowflake Cortex Code CLI version 1.0.25, to correct the improper command validation vulnerability.

MITRE ATT&CK Enterprise Techniques

T1059.004 Unix Shell (Execution): adversaries may abuse Unix shell commands and scripts for execution.
T1204.002 Malicious File (Execution): an adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

Vulnerability enables arbitrary bash command execution outside sandbox via improper validation when processing untrusted repository content, directly facilitating Unix Shell (T1059.004) and requiring user interaction with malicious file (T1204.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding specially crafted commands in untrusted content, such as a malicious repository, causing the CLI agent to execute arbitrary code on the local device without user consent. Exploitation is non-deterministic and model-dependent. The fix is automatically applied upon relaunch with no user action required.

Deeper analysis

CVE-2026-6442 is an improper validation of bash commands vulnerability affecting Snowflake Cortex Code CLI versions prior to 1.0.25. The flaw allows subsequent commands in an input to execute outside the intended sandbox and is classified as CWE-1286 (Improper Validation of Syntactic Correctness of Input). Published on 2026-04-16 with a CVSS v3.1 base score of 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H), it poses a high-severity risk because of its potential for broad impact across confidentiality, integrity, and availability.

An attacker can exploit this vulnerability over the network by embedding specially crafted commands in untrusted content, such as a malicious repository. This requires tricking a user into interacting with the content via the CLI (UI:R), with no privileges needed (PR:N) but high attack complexity (AC:H). Successful exploitation leads to arbitrary code execution on the victim's local device without further consent, though it is non-deterministic and model-dependent. The changed scope (S:C) amplifies the impact to high levels across all CIA triad categories.

Snowflake's advisory confirms the fix is automatically applied upon relaunch of the CLI, requiring no user action. Additional details are available in the PromptArmor Report on Snowflake's community site (https://community.snowflake.com/s/article/PromptArmor-Report---Snowflake-Response) and PromptArmor's site (https://www.promptarmor.com/), which likely cover discovery and response specifics.

Details

CWE(s): CWE-1286 (Improper Validation of Syntactic Correctness of Input)

Affected Products: Snowflake Cortex Code CLI (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2025-22868 (shared CWE-1286)
CVE-2025-59785 (shared CWE-1286)
CVE-2025-41719 (shared CWE-1286)
CVE-2025-0638 (shared CWE-1286)
CVE-2026-21917 (shared CWE-1286)
CVE-2026-40198 (shared CWE-1286)
CVE-2026-33778 (shared CWE-1286)
CVE-2026-25513 (shared CWE-1286)

References