Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user to gain higher privileges on the host by controlling a file name or path used by the server engine. The CVSS 3.1 base score is 7.8 with high impact to confidentiality, integrity, and availability, and Microsoft has released a patch. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours, identify all SQL Server instances across your organization running versions 2016 SP3 through 2025 and prioritize by business criticality. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
Remote code execution in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated, low-privileged attacker t
Privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an authenticated attacker to inject crafted S
Local privilege elevation in Microsoft SQL Server (2016 SP3 through 2025) allows an already-authenticated database user
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges loca
SQL injection in Microsoft SQL Server 2016-2025 allows authenticated high-privilege attackers to elevate privileges loca
Same weakness CWE-73 – External Control of File Name or Path
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44033
GHSA-84xv-35h8-r47j