CVE Database · CVE-2016-7270
CVSS v3.1
N/A
EPSS
20.01%
Published
Dec 20, 2016
Modified
May 6, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
Weaknesses (CWE)
Affected Products (1)
References (6)
