Microsoft Microsoft Sql Server 2025 (Cu 6)
7 CVEs affecting Microsoft Microsoft Sql Server 2025 (Cu 6). Latest disclosed: 2026-07-14. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-47295 | High | 8.8 | 2026-07-14 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n⦠|
CVE-2026-54118 | High | 8.8 | 2026-07-14 | Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network. |
CVE-2026-54117 | High | 8.8 | 2026-07-14 | Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network. |
CVE-2026-55002 | High | 7.8 | 2026-07-14 | External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally. |
CVE-2026-47296 | High | 7.8 | 2026-07-14 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. |
CVE-2026-54116 | Medium | 6.5 | 2026-07-14 | Access of resource using incompatible type ('type confusion') in SQL Server allows an authorized attacker to disclose information over a network. |
CVE-2026-50468 | Medium | 6.5 | 2026-07-14 | Buffer over-read in SQL Server allows an authorized attacker to disclose information over a network. |