A vulnerability described as critical has been identified in Snowflake SQLAlchemy up to 1.10.x. Impacted is an unknown function of the component Merge Operations/Query-Building API/Connection Configuration. The manipulation of the argument column identifiers/crafted string/connection configuration parameters/request field names results in sql injection.

This vulnerability is identified as CVE-2026-15736. The attack can be executed remotely. There is not any exploit available.