Vulnerabilities ›

CVE-2026-3293

Low

CWE-400 — Weakness Type

                    Published: Feb 27, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

3.3

🔗 NVD Official

📄 Description (English)

A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java of the component JDBC URL Handler. Executing a manipulation of the argument nonProxyHosts can lead to inefficient regular expression complexity. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 5fb0a8a318a2ed87f4022a1f56e742424ba94052. A patch should be applied to remediate this issue.

🤖 AI Executive Summary

A regular expression denial of service (ReDoS) vulnerability exists in Snowflake JDBC driver versions up to 4.0.1 affecting the SdkProxyRoutePlanner component. The vulnerability can be exploited locally by manipulating the nonProxyHosts argument to cause inefficient regex processing.

📄 Description (Arabic)

ثغرة في معالج URL الخاص بـ Snowflake JDBC تسمح بهجوم رفض الخدمة من خلال تعقيد التعبير العادي غير الفعال. يتطلب الاستغلال وصولاً محليًا فقط ويؤثر على الإصدارات حتى 4.0.1.

🤖 ملخص تنفيذي (AI)

ثغرة في برنامج تشغيل Snowflake JDBC تصل إلى الإصدار 4.0.1 تؤثر على مكون SdkProxyRoutePlanner. يمكن استغلال الثغرة محليًا من خلال التلاعب بمعامل nonProxyHosts لإحداث معالجة regex غير فعالة.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 08:34

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

banking telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1499.004

⚖️ Saudi Risk Score (AI)

3.0

/ 10.0

🔧 Remediation Steps (English)

Update Snowflake JDBC driver to version 4.0.2 or later. Apply patch 5fb0a8a318a2ed87f4022a1f56e742424ba94052 or upgrade to the latest available version. Restrict local access to systems running vulnerable JDBC versions.

🔧 خطوات المعالجة (العربية)

قم بتحديث برنامج تشغيل Snowflake JDBC إلى الإصدار 4.0.2 أو أحدث. طبق التصحيح 5fb0a8a318a2ed87f4022a1f56e742424ba94052 أو قم بالترقية إلى أحدث إصدار متاح. قيد الوصول المحلي للأنظمة التي تقوم بتشغيل إصدارات JDBC المعرضة للخطر.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 8

🔗

https://github.com/snowflakedb/snowflake-jdbc/

cna@vuldb.com

🔗

https://github.com/snowflakedb/snowflake-jdbc/commit/5fb0a8a318a2ed87f4022a1f56e742424b...

cna@vuldb.com

🔗

https://github.com/snowflakedb/snowflake-jdbc/issues/2505

cna@vuldb.com

🔗

https://github.com/snowflakedb/snowflake-jdbc/issues/2505#issue-3951994646

cna@vuldb.com

🔗

https://snowflakecomputing.atlassian.net/browse/SNOW-3104251

cna@vuldb.com

🔗

https://vuldb.com/?ctiid.348035

cna@vuldb.com

🔗

https://vuldb.com/?id.348035

cna@vuldb.com

🔗

https://vuldb.com/?submit.760428

cna@vuldb.com

📊 CVSS Score

3.3

/ 10.0 — Low

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityL — Low / Local

📋 Quick Facts

Severity Low

CVSS Score3.3

CWECWE-400

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-02-27

Source Feed nvd

🇸🇦 Saudi Risk Score

3.0

/ 10.0 — Saudi Risk

Priority: LOW

🏷️ Tags

CWE-400

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-3293

💬 Comments

Introduce Yourself

Sign In Required