Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-15925— Improper TLS Hostname Verification in Snowflake Connector for Python

AI Predicted 5.9 Difficulty: Moderate EPSS 0.18% · P7

Affected Version Matrix 2

VendorProductVersion RangeStatus
SnowflakeSnowflake Connector for Python3.17.4< 3.18.1affected
4.0.0< 4.7.1affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-15925

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Improper TLS Hostname Verification in Snowflake Connector for Python
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 and 3.18.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by intercepting or redirecting network traffic and presenting a certificate signed by any trusted CA for any domain, causing the connector to accept connections without validating that the certificate matched the requested hostname. Successful exploitation requires an on-path traffic interception capability (e.g. ARP/DNS poisoning, rogue access point, BGP hijacking, or malicious proxy/exit node). This vulnerability may have exposed credentials, query data, and staged file contents to interception and tampering, and may have enabled the attacker to issue arbitrary SQL within the context of the victim's connector session. Impact is limited by the privileges of the affected Snowflake role. The fix is available in Snowflake Connector for Python versions 4.7.1 and 3.18.1. Users must manually upgrade.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对宿主不匹配的证书验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Snowflake Connector for Python 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Snowflake Snowflake Connector for Python是美国Snowflake公司的一款连接Snowflake数据库的Python客户端。 Snowflake Connector for Python 3.18.1之前版本和4.7.1之前版本存在加密问题漏洞,该漏洞源于TLS主机名验证不当,可能导致网络位置的攻击者通过拦截或重定向网络流量,出示任何受信任CA为任何域名签名的证书,绕过连接器的HTTPS证书主机名验证,造成连接器接受连接而未验证证书是否与请求的主机名匹配。成功利用需
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SnowflakeSnowflake Connector for Python 3.17.4 ~ 3.18.1 -

II. Public POCs for CVE-2026-15925

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-15925

登录查看更多情报信息。

Vendor Pages for CVE-2026-15925 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-15925

No comments yet


Leave a comment