Skip to main content

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
vuln.today AI
8.8 HIGH

Network-reachable SQL injection needing only a low-privileged login (PR:L) and no user interaction; privilege elevation yields high C/I/A within the unchanged scope of the database server.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:55 vuln.today
CVE Published
Jul 14, 2026 - 17:08 nvd
HIGH 8.8

DescriptionCVE.org

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

AnalysisAI

Privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated attacker to inject crafted SQL commands over the network and gain higher database privileges (CVSS 8.8). The flaw is a classic improper neutralization of special elements (CWE-89) reachable by any principal already holding low-level database access. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege SQL login
Delivery
Reach SQL Server over network (TCP 1433)
Exploit
Submit crafted input into vulnerable query
Execution
Break out via SQL injection
Persist
Execute commands in elevated context
Impact
Elevate privileges on database server

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already hold a valid low-privileged SQL Server authentication context (CVSS PR:L) and network connectivity to the SQL Server instance (AV:N), but no user interaction and no elevated privileges beyond that initial low-level access. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, base 8.8) indicates a genuinely high-priority, network-reachable, low-complexity flaw requiring only low privileges and no user interaction, with high impact to confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker holding a low-privileged SQL Server login (for example a compromised application service account or an over-permissioned analyst account) connects over the network and submits input crafted to break out of an intended query into an attacker-controlled SQL command. Because attack complexity is low and no user interaction is needed, the injected commands execute in a higher-privileged context, elevating the attacker's effective rights within the database server. …
Remediation Apply the vendor-released security update for your specific SQL Server branch as tracked in the Microsoft MSRC update guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47295); Patch available per vendor advisory covers SQL Server 2016 SP3 (GDR and Azure Connect Feature Pack), 2017 (GDR/CU 31), 2019 (GDR/CU 32), 2022 (GDR/CU 25), and 2025 (GDR/CU 6) - select the GDR or CU package matching your current servicing train and install the corresponding fixed build. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Microsoft SQL Server instances running versions 2016 SP3, 2017, 2019, 2022, or 2025, and document which accounts have database-level access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-47295 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy