Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Microsoft SQL Server 2022 for x64-based Systems (CU 25)

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found

CVE-2026-47295
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.92% / 56.32%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:08
Updated-17 Jul, 2026 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2025 (CU 6)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2019 (CU 32)Microsoft SQL Server 2022 for x64-based Systems (CU 25)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-55002
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 15.19%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:05
Updated-17 Jul, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2025 (CU 6)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2019 (CU 32)Microsoft SQL Server 2022 for x64-based Systems (CU 25)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-54118
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-1.29% / 66.95%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:05
Updated-17 Jul, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Remote Code Execution Vulnerability

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2025 (CU 6)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2019 (CU 32)Microsoft SQL Server 2022 for x64-based Systems (CU 25)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-47296
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.23% / 14.04%
||
7 Day CHG~0.00%
Published-14 Jul, 2026 | 17:04
Updated-17 Jul, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2017sql_server_2019sql_server_2016sql_server_2025sql_server_2022Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2025 (CU 6)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2019 (CU 32)Microsoft SQL Server 2022 for x64-based Systems (CU 25)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (GDR)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')