Dismissed
(no matching packages found)
Permalink
CVE-2026-55002
7.8 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Exploit Code Maturity (E): Unproven (U)
- Remediation Level (RL): Official Fix (O)
- Report Confidence (RC): Confirmed (C)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
Activity log
- Created & dismissed (no matching packages found) suggestion
Microsoft SQL Server Elevation of Privilege Vulnerability
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.
References
Affected products
Microsoft SQL Server 2017 (GDR)
- <14.0.2120.1
Microsoft SQL Server 2019 (GDR)
- <15.0.2180.2
Microsoft SQL Server 2022 (GDR)
- <16.0.1190.2
Microsoft SQL Server 2025 (CU 6)
- <17.0.4060.2
Microsoft SQL Server 2017 (CU 31)
- <14.0.3540.1
Microsoft SQL Server 2019 (CU 32)
- <15.0.4480.2
Microsoft SQL Server 2016 Service Pack 3 (GDR)
- <13.0.6500.1
Microsoft SQL Server 2025 for x64-based Systems (GDR)
- <17.0.1125.2
Microsoft SQL Server 2022 for x64-based Systems (CU 25)
- <16.0.4262.2
Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack
- <13.0.7095.1