Skip to main content

SQL Server 2025 CVE-2026-54116

| EUVDEUVD-2026-44225 MEDIUM
Access of Resource Using Incompatible Type (Type Confusion) (CWE-843)
2026-07-14 microsoft GHSA-g4mf-v8c5-8rjm
6.5
CVSS 3.1 · NVD
Share

Severity by source

Vendor (microsoft) PRIMARY
MEDIUM
qualitative
NVD
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ENISA EUVD
HIGH
qualitative
vuln.today AI
6.5 MEDIUM

Network-reachable with low-privilege auth required; type confusion yields read-only data disclosure with no integrity or availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 22:00 vuln.today
CVE Published
Jul 14, 2026 - 17:09 nvd
MEDIUM 6.5

DescriptionNVD

Access of resource using incompatible type ('type confusion') in SQL Server allows an authorized attacker to disclose information over a network.

AnalysisAI

Type confusion (CWE-843) in Microsoft SQL Server 2025 enables authenticated, low-privileged network attackers to disclose sensitive server-side information. The CVSS vector (AV:N/PR:L/C:H) confirms that any authorized database user - regardless of their data access permissions - can potentially trigger the flaw remotely with no user interaction required. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged SQL Server credentials
Delivery
Connect to SQL Server 2025 over network
Exploit
Send crafted type-confused query or function call
Execution
Server misinterprets internal resource type
Impact
Disclose sensitive data beyond authorized scope

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid, authenticated database session with at least low-privilege access (PR:L per CVSS) to the SQL Server 2025 instance. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.5 Medium score is grounded in a realistic threat model: AV:N confirms network reachability, AC:L indicates no special timing or race conditions, but PR:L anchors the risk firmly to authenticated database sessions - unauthenticated exploitation is not possible per the CVSS vector. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker holding a low-privileged SQL Server account - such as a read-only reporting account or a compromised service account - connects to the SQL Server 2025 instance over the network and submits a crafted query or function call that triggers the type confusion in the server's query processor or memory management layer. The server misinterprets the resource type and returns memory contents or data from a region the user is not authorized to read, disclosing sensitive information to the attacker. …
Remediation Apply the vendor-released patch available through the Microsoft Security Response Center at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54116. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54116 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy