Apache Airflow Providers Snowflake: Potential SQL injection in CopyFromExternalStageToSnowflakeOperator
Description
Apache Airflow Providers Snowflake before 6.4.0 has a SQL injection vulnerability in CopyFromExternalStageToSnowflakeOperator due to unsanitized table/stage parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Overview
CVE-2025-50213 is a special element injection (SQL injection) vulnerability in the Apache Airflow Providers Snowflake package, affecting versions before 6.4.0. The flaw resides in the CopyFromExternalStageToSnowflakeOperator, where the table and stage parameters were not sanitized before being used in SQL queries. This allows an attacker to inject arbitrary SQL commands by supplying malicious input to these parameters [2].
Exploitation
Details
To exploit this vulnerability, an attacker must have the ability to define or influence the table or stage parameters of a DAG that uses the CopyFromExternalStageToSnowflakeOperator. This could be achieved through a compromised Airflow user account or by crafting a DAG that accepts external input. The fix, as shown in the commit, adds a validation function that rejects any parameter containing a semicolon (;), which is a common SQL injection delimiter [3]. The PyPA advisory confirms the injection vector and the need for input sanitization [4].
Impact
Successful exploitation could allow an attacker to execute arbitrary SQL statements against the Snowflake database, potentially leading to data exfiltration, modification, or deletion. The severity is high, as it compromises the confidentiality, integrity, and availability of the data managed by the affected Airflow instance.
Mitigation
The vulnerability is fixed in Apache Airflow Providers Snowflake version 6.4.0. Users are strongly recommended to upgrade immediately [2]. No workarounds are documented; upgrading is the only reliable mitigation. The fix introduces input validation that blocks semicolons in the affected parameters, preventing SQL injection [3].
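The paragraphs above describe the defect (table and stage parameters interpolated unchecked into SQL) and the fix (a check that rejects any parameter containing a semicolon). The block below is an added illustration written for this page; it is not the provider's own code, and the function names, the `COPY INTO ... FROM @stage` statement shape and the identifier grammar are assumptions. It shows the unchecked "before" builder next to a hardened builder, with the semicolon rejection the advisory describes and, going beyond the page's fix, a stricter allow-list check that accepts only plain or dot-qualified identifiers.

```python
import re

# Constructed identifier grammar (assumption, not the provider's rule):
# an unquoted identifier, optionally database/schema qualified with dots.
# Stage paths such as "@stage/dir" are deliberately outside this grammar.
_IDENTIFIER_RE = re.compile(
    r"^[A-Za-z_][A-Za-z0-9_$]*(\.[A-Za-z_][A-Za-z0-9_$]*){0,2}$"
)


def reject_semicolon(value: str, name: str) -> str:
    """Mirror of the check the advisory describes: refuse a parameter that
    contains ';' before it can reach SQL text. Hypothetical helper."""
    if ";" in value:
        raise ValueError(f"{name} must not contain a semicolon: {value!r}")
    return value


def require_identifier(value: str, name: str) -> str:
    """Stricter allow-list check (goes beyond the fix described on the page):
    only a plain or dot-qualified identifier passes, so quotes, whitespace
    and comment markers are rejected as well as semicolons. Hypothetical."""
    if not _IDENTIFIER_RE.match(value):
        raise ValueError(f"{name} is not a plain SQL identifier: {value!r}")
    return value


def build_copy_sql_unsafe(table: str, stage: str) -> str:
    """'Before' shape: operator parameters interpolated without any check,
    so whatever the DAG author (or their input source) supplies becomes SQL."""
    return f"COPY INTO {table} FROM @{stage}"


def build_copy_sql(table: str, stage: str, strict: bool = True) -> str:
    """Hardened builder: validate both parameters before interpolation.
    strict=False applies only the semicolon check from the advisory;
    strict=True applies the identifier allow-list."""
    check = require_identifier if strict else reject_semicolon
    table = check(table, "table")
    stage = check(stage, "stage")
    return f"COPY INTO {table} FROM @{stage}"


def is_rejected(table: str, stage: str, strict: bool = True) -> bool:
    """True when the hardened builder refuses this (table, stage) pair."""
    try:
        build_copy_sql(table, stage, strict=strict)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample parameters, as a DAG might pass them to the operator.
    print(build_copy_sql("analytics.events", "ext_stage"))
    for table in ("events; extra", "events extra", 'events"x'):
        print(f"{table!r}: semicolon-only rejects={is_rejected(table, 'ext_stage', strict=False)}, "
              f"allow-list rejects={is_rejected(table, 'ext_stage')}")
```

The semicolon check is what the page reports the fix adds; the allow-list variant is the shape a practitioner would normally prefer for identifiers, since it rejects every character that has no place in a table or stage name rather than one known delimiter. Either way the check must run on the values the operator actually receives at execution time, not only on literals in the DAG file, because templated or externally supplied parameters are exactly the path the Exploitation section describes.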
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-airflow-providers-snowflake (PyPI) | < 6.4.0 | 6.4.0 |
Affected products
8 OSV coordinates, 7 version ranges (no CPE assigned to any entry):
- pkg:apk/chainguard/airflow-3: < 3.1.2-r0
- pkg:apk/chainguard/airflow-3-compat: < 3.1.2-r0
- pkg:apk/chainguard/airflow-3-iamguarded-compat: < 3.1.2-r0
- pkg:apk/wolfi/airflow-3: < 3.1.2-r0
- pkg:apk/wolfi/airflow-3-compat: < 3.1.2-r0
- pkg:apk/wolfi/airflow-3-iamguarded-compat: < 3.1.2-r0
- pkg:pypi/apache-airflow-providers-snowflake: < 6.4.0
- Range: 0
Patches
- 21c98f573a29dd450613b2ebf
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/apache/airflow/pull/51734 (ghsa, patch, WEB)
- github.com/advisories/GHSA-9r64-3wmc-x8m8 (ghsa, ADVISORY)
- lists.apache.org/thread/2kqfmyt2pghg5f6797g8hzvq331v8qx3 (ghsa, vendor-advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2025-50213 (ghsa, ADVISORY)
- github.com/apache/airflow/pull/51734/commits/bcf19916738e4a7065a3911814ba1fa32d6fd669 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow-providers-snowflake/PYSEC-2025-51.yaml (ghsa, WEB)