# [HIGH] Command injection vulnerability in Snyk CLI released prior to September 1, 2022 (older than v1.996.0)

**Source:** Snyk
**Published:** 2022-10-03
**Article:** https://snyk.io/blog/command-injection-vulnerability-cve-2022-40764/

## Threat Profile

Snyk Blog, written by Gareth Rushgrove, October 3, 2022.

As a Snyk user, we want to let you know about a medium severity vulnerability (CVSSv3 6.4) in our CLI that you should be aware of: CVE-2022-40764. As the CLI is used as part of our CI and IDE integrations, those are impacted too. Although hard to exploit, this vulnerability can lead to arbitrary code execution on the host system.
If you are running a version of the Snyk CLI released since September 1 (all versions from 1.996.0 i…

## Indicators of Compromise (high-fidelity only)

- **CVE:** `CVE-2022-40764`

## MITRE ATT&CK Techniques

- **T1190** — Exploit Public-Facing Application

## Kill chain phases observed

_(none detected from narrative keywords)_

## Recommended hunts

### IOC-driven hunts (use shared templates)

These are standard IOC-substitution hunts — the canonical SPL and KQL live once in [`_TEMPLATES.md`](../_TEMPLATES.md), so we don't repeat the same boilerplate on every CVE / hash / network-IOC briefing.

- **Asset exposure — vulnerability matches article CVE(s)** ([template](../_TEMPLATES.md#asset-exposure)) — phase: **recon**, confidence: **High**
  - CVE(s): `CVE-2022-40764`


## Why this matters

Severity classified as **HIGH** by this briefing's heuristic (CVE present, 1 use case fired, 1 technique inferred); note that the vendor itself rates the CVE medium (CVSSv3 6.4) and describes it as hard to exploit. Read the full article for actor attribution, tooling details, and any defanged IOCs in the body that aren't visible in the RSS summary.
