Skip to main content

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ENISA EUVD
HIGH
qualitative
CIRCL (temporal)
7.7 HIGH
cvss
vuln.today AI
8.8 HIGH

Network-reachable database with low-complexity exploit needing an authenticated low-privilege login (PR:L), no user interaction, yielding full RCE and high C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 18:10 vuln.today
CVE Published
Jul 14, 2026 - 17:05 nvd
HIGH 8.8

DescriptionCVE.org

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.

AnalysisAI

Remote code execution in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated, low-privileged attacker to run arbitrary code on the database server by sending crafted data that the engine deserializes unsafely (CWE-502). Any account able to submit queries or data over the network to a vulnerable instance can achieve full compromise of confidentiality, integrity, and availability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to SQL Server with low-privilege login
Delivery
Send crafted serialized payload over TDS
Exploit
Trigger unsafe deserialization in engine
Execution
Execute gadget chain as service account
Impact
Full compromise of database host

Vulnerability AssessmentAI

Exploitation Exploitation requires network access to a SQL Server instance (TDS/port 1433 by default) and a valid authenticated database login, consistent with PR:L in the CVSS vector - the description's phrase 'authorized attacker' confirms credentials are mandatory, which is the principal limiting factor. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 8.8) describes network-reachable, low-complexity exploitation requiring only low privileges and no user interaction, yielding full high impact on all three security properties - a serious profile because most SQL Server deployments grant query access to numerous application and user accounts, so the PR:L barrier is low in practice. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who holds or phishes any low-privileged SQL Server login connects over the network and submits specially crafted data that the engine deserializes, triggering a gadget chain that executes attacker code in the SQL Server service context. Given AV:N/AC:L, the request is straightforward and needs no user interaction, so a single compromised application service account could pivot to full server takeover. …
Remediation Patch available per vendor advisory: apply the SQL Server security update for your branch (2016 SP3, 2017, 2019, 2022, or 2025) via the GDR or CU servicing train you are on, following the build-specific fixed versions listed in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54118 - choose the GDR update if you apply security-only fixes or the corresponding cumulative update (e.g., CU 31/CU 32/CU 25/CU 6) if you are on the CU train. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all SQL Server instances running versions 2016 SP3 through 2025 and prioritize identifying production systems; restrict database access during this period to only essential trusted user accounts. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54118 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy