Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Network-reachable SQL Server requires only a valid low-privilege login; buffer over-read is read-only yielding C:H with no integrity or availability impact.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network.
AnalysisAI
Buffer over-read in Microsoft SQL Server 2025 exposes server memory contents to low-privileged authenticated attackers over the network, resulting in high confidentiality impact with no integrity or availability consequences. Both the Cumulative Update 6 (CU 6) and General Distribution Release (GDR) servicing tracks on x64-based systems are confirmed affected per vendor CPE data. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid SQL Server login with at minimum low-privileged access (CVSS PR:L) - unauthenticated access is insufficient. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.5 Medium score (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) reflects a network-reachable, low-complexity flaw yielding high confidentiality impact, but gated behind low-privileged authentication - meaning unauthenticated mass exploitation is not possible. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged SQL Server account - such as a read-only application service account or an internal developer login - connects to a SQL Server 2025 instance over the network and submits a crafted query or protocol message designed to trigger the buffer over-read in the server's data processing layer. The server reads beyond its intended memory buffer boundary and returns the extraneous memory contents to the authenticated client over the network, potentially exposing in-memory data such as result-set fragments, session data, or other co-resident sensitive information. … |
| Remediation | Apply the vendor-released security update per Microsoft's MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50468; the input data confirms a patch is available but does not specify the exact fixed build numbers - these must be verified directly from the advisory before deployment. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Remote code execution in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated, low-privileged attacker t
Remote code execution in Microsoft SQL Server 2025 (CU6 and the x64 GDR branch) lets an authenticated attacker run arbit
Privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated attacker to inject crafted S
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user
Type confusion (CWE-843) in Microsoft SQL Server 2025 enables authenticated, low-privileged network attackers to disclos
Same weakness CWE-126 – Buffer Over-read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44224
GHSA-89h6-3v24-5cwv