CVE-2026-54116
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Summary
Access of resource using incompatible type ('type confusion') in SQL Server allows an authorized attacker to disclose information over a network.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2025 (CU 6) | 17.0.4060.2 < 17.0.4060.2 | affected |
| Microsoft | Microsoft SQL Server 2025 for x64-based Systems (GDR) | 17.0.1050.2 < 17.0.1125.2 | affected |
Weaknesses
- CWE-843: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.