Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Dismissed
(no matching packages found)
Permalink CVE-2026-55002
7.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Exploit Code Maturity (E): Unproven (U)
  • Remediation Level (RL): Official Fix (O)
  • Report Confidence (RC): Confirmed (C)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
created 6 hours ago Activity log
  • Created & dismissed (no matching packages found) suggestion
Microsoft SQL Server Elevation of Privilege Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.

Affected products

Microsoft SQL Server 2017 (GDR)
  • <14.0.2120.1
Microsoft SQL Server 2019 (GDR)
  • <15.0.2180.2
Microsoft SQL Server 2022 (GDR)
  • <16.0.1190.2
Microsoft SQL Server 2025 (CU 6)
  • <17.0.4060.2
Microsoft SQL Server 2017 (CU 31)
  • <14.0.3540.1
Microsoft SQL Server 2019 (CU 32)
  • <15.0.4480.2
Microsoft SQL Server 2016 Service Pack 3 (GDR)
  • <13.0.6500.1
Microsoft SQL Server 2025 for x64-based Systems (GDR)
  • <17.0.1125.2
Microsoft SQL Server 2022 for x64-based Systems (CU 25)
  • <16.0.4262.2
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
  • <13.0.7095.1