CVE-2026-3293 - Vulnerability Analysis
LowCVSS: 3.3Last Updated: March 2, 2026
snowflakedb snowflake-jdbc - Denial of Service
Published: February 27, 2026Updated: March 2, 2026PoC Available
Overview
snowflakedb snowflake-jdbc <= 4.0.1 contains a denial of service caused by inefficient regular expression complexity in SdkProxyRoutePlanner's nonProxyHosts argument, letting local attackers cause resource exhaustion, exploit requires local access.
Severity & Score
Severity: Low
CVSS Score: 3.3
Impact
Local attackers can cause denial of service by exhausting resources via complex regex processing.
Mitigation
Apply the patch identified by commit 5fb0a8a318a2ed87f4022a1f56e742424ba94052 or update to a later version.
References
- https://snowflakecomputing.atlassian.net/browse/SNOW-3104251
- https://vuldb.com/?ctiid.348035
- https://vuldb.com/?id.348035
- https://vuldb.com/?submit.760428
- https://github.com/snowflakedb/snowflake-jdbc/
- https://github.com/snowflakedb/snowflake-jdbc/commit/5fb0a8a318a2ed87f4022a1f56e742424ba94052
- https://github.com/snowflakedb/snowflake-jdbc/issues/2505
- https://github.com/snowflakedb/snowflake-jdbc/issues/2505#issue-3951994646
Related Resources
Details
- CVE ID
- CVE-2026-3293
- Severity
- Low
- CVSS Score
- 3.3
- Type
- denial_of_service
- Status
- confirmed
CWE
- CWE-400
CVSS Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L