CVE-2026-3293— snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-3293
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
snowflakedb snowflake-jdbc JDBC URL SdkProxyRoutePlanner.java SdkProxyRoutePlanner redos
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can lead to inefficient regular expression complexity. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 5fb0a8a318a2ed87f4022a1f56e742424ba94052. A patch should be applied to remediate this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1333
Source: NVD (National Vulnerability Database)
Vulnerability Title
Snowflake JDBC Driver 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Snowflake JDBC Driver是Snowflake公司的一个 Snowflake JDBC 驱动程序。 Snowflake JDBC Driver 4.0.1及之前版本存在安全漏洞,该漏洞源于对组件JDBC URL Handler的文件src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java中函数SdkProxyRoutePlanner的参数nonProxyHosts的错误操作,可能导致正则表达式拒绝服
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| snowflakedb | snowflake-jdbc | 4.0.0 | - |
II. Public POCs for CVE-2026-3293
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-3293
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: snowflake-jdbc
Same vendor: snowflakedb
- CVE-2025-46329
Snowflake Connector for C/C++ inserts client-side encryption - CVE-2025-46330
Snowflake Connector for C/C++ retries malformed requests - CVE-2025-46328
NodeJS Driver for Snowflake has race condition when checking - CVE-2025-46327
Go Snowflake Driver has race condition when checking access - CVE-2025-46326
Snowflake Connector for .NET has race condition when checkin
Same weakness: CWE-1333
- CVE-2026-33079
Mistune ReDoS in LINK_TITLE_RE allows denial of service with - CVE-2026-41040
GROWI 安全漏洞 - CVE-2026-40319
Giskard has a Regular Expression Denial of Service (ReDoS) i - CVE-2026-5986
Zod jsVideoUrlParser util.js getTime redos - CVE-2026-35041
ReDoS in fast-jwt when using RegExp in allowed* leading to C
V. Comments for CVE-2026-3293
No comments yet