Vulnerability Details CVE-2026-3293
A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can lead to inefficient regular expression complexity. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 5fb0a8a318a2ed87f4022a1f56e742424ba94052. A patch should be applied to remediate this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.3%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 1.7
References
- https://github.com/snowflakedb/snowflake-jdbc/
- https://github.com/snowflakedb/snowflake-jdbc/commit/5fb0a8a318a2ed87f4022a1f56e742424ba94052
- https://github.com/snowflakedb/snowflake-jdbc/issues/2505
- https://github.com/snowflakedb/snowflake-jdbc/issues/2505#issue-3951994646
- https://snowflakecomputing.atlassian.net/browse/SNOW-3104251
- https://vuldb.com/?ctiid.348035
- https://vuldb.com/?id.348035
- https://vuldb.com/?submit.760428
Products affected by CVE-2026-3293
-
cpe:2.3:a:snowflake:snowflake_jdbc:-
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.0.13
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.0.14
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.0.15
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.0.16
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.0.17
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.0.18
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.0.19
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.0.20
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.0.21
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.1.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.1.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.10.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.10.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.10.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.10.3
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.11.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.11.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.10
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.11
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.12
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.13
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.14
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.15
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.16
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.17
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.3
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.4
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.5
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.6
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.7
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.8
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.12.9
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.10
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.11
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.12
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.13
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.14
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.15
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.16
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.17
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.18
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.19
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.20
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.21
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.22
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.23
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.24
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.25
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.26
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.27
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.28
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.29
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.3
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.30
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.4
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.5
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.6
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.7
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.8
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.13.9
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.2.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.2.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.2.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.2.3
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.2.4
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.2.5
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.2.6
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.2.7
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.20.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.22.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.23.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.3.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.3.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.3.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.3.3
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.4.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.4.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.4.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.4.3
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.5.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.5.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.5.3
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.5.4
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.5.5
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.10
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.11
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.12
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.13
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.14
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.15
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.16
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.17
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.18
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.19
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.20
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.21
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.23
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.24
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.25
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.26
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.27
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.28
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.3
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.4
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.5
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.6
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.7
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.8
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.6.9
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.7.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.7.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.7.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.8.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.8.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.8.2
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.8.3
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.8.4
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.8.5
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.8.6
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.8.7
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.8.8
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.9.0
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.9.1
-
cpe:2.3:a:snowflake:snowflake_jdbc:3.9.2