Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for Microsoft SQL Server 2022 for x64-based Systems (CU 24) by Microsoft

    CVE-2026-40370 (GCVE-0-2026-40370)

    Vulnerability from nvd – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    SQL Server Remote Code Execution Vulnerability
    Summary
    External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:57:25.195979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:04:10.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6490.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7085.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3530.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2110.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 32)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4470.1",
                  "status": "affected",
                  "version": "15.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2170.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1180.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4252.3",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft SQL Server 2025 (CU 4)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.4040.1",
                  "status": "affected",
                  "version": "17.0.4040.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.1115.1",
                  "status": "affected",
                  "version": "17.0.1050.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.4040.1",
                      "versionStartIncluding": "17.0.4040.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4252.3",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2110.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2170.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6490.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7085.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3530.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1180.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.1115.1",
                      "versionStartIncluding": "17.0.1050.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4470.1",
                      "versionStartIncluding": "15.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "External control of file name or path in SQL Server allows an authorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:53.223Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40370"
            }
          ],
          "title": "SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40370",
        "datePublished": "2026-05-12T16:59:21.097Z",
        "dateReserved": "2026-04-11T23:06:15.615Z",
        "dateUpdated": "2026-06-19T16:12:53.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32176 (GCVE-0-2026-32176)

    Vulnerability from nvd – Published: 2026-04-14 16:58 – Updated: 2026-06-19 16:08
    VLAI
    Title
    SQL Server Elevation of Privilege Vulnerability
    Summary
    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Date Public
    2026-04-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T03:57:07.486601Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T19:15:11.897Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6485.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7080.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3525.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2105.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 32)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4465.1",
                  "status": "affected",
                  "version": "15.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2165.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1175.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4250.1",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 (CU 3)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.4030.1",
                  "status": "affected",
                  "version": "17.0.4030.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.1110.1",
                  "status": "affected",
                  "version": "17.0.1050.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.4030.1",
                      "versionStartIncluding": "17.0.4030.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.1110.1",
                      "versionStartIncluding": "17.0.1050.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4250.1",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2105.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2165.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6485.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7080.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3525.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1175.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4465.1",
                      "versionStartIncluding": "15.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-04-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in SQL Server allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:08:45.679Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "SQL Server Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176"
            }
          ],
          "title": "SQL Server Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32176",
        "datePublished": "2026-04-14T16:58:32.054Z",
        "dateReserved": "2026-03-11T00:26:53.425Z",
        "dateUpdated": "2026-06-19T16:08:45.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32167 (GCVE-0-2026-32167)

    Vulnerability from nvd – Published: 2026-04-14 16:57 – Updated: 2026-06-19 16:07
    VLAI
    Title
    SQL Server Elevation of Privilege Vulnerability
    Summary
    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Date Public
    2026-04-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T03:57:08.611733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T10:34:13.625Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6485.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7080.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3525.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2105.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 32)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4465.1",
                  "status": "affected",
                  "version": "15.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2165.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1175.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4250.1",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 (CU 3)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.4030.1",
                  "status": "affected",
                  "version": "17.0.4030.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.1110.1",
                  "status": "affected",
                  "version": "17.0.1050.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.4030.1",
                      "versionStartIncluding": "17.0.4030.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4250.1",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2105.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2165.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6485.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7080.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1175.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3525.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.1110.1",
                      "versionStartIncluding": "17.0.1050.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4465.1",
                      "versionStartIncluding": "15.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-04-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in SQL Server allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:07:57.371Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "SQL Server Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167"
            }
          ],
          "title": "SQL Server Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32167",
        "datePublished": "2026-04-14T16:57:30.245Z",
        "dateReserved": "2026-03-10T23:09:43.266Z",
        "dateUpdated": "2026-06-19T16:07:57.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40370 (GCVE-0-2026-40370)

    Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:12
    VLAI
    Title
    SQL Server Remote Code Execution Vulnerability
    Summary
    External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-73 - External Control of File Name or Path
    Assigner
    References
    Date Public
    2026-05-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40370",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-13T03:57:25.195979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-13T10:04:10.932Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6490.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7085.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3530.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2110.2",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 32)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4470.1",
                  "status": "affected",
                  "version": "15.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2170.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1180.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4252.3",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft SQL Server 2025 (CU 4)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.4040.1",
                  "status": "affected",
                  "version": "17.0.4040.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.1115.1",
                  "status": "affected",
                  "version": "17.0.1050.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.4040.1",
                      "versionStartIncluding": "17.0.4040.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4252.3",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2110.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2170.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6490.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7085.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3530.2",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1180.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.1115.1",
                      "versionStartIncluding": "17.0.1050.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4470.1",
                      "versionStartIncluding": "15.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-05-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "External control of file name or path in SQL Server allows an authorized attacker to execute code over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:12:53.223Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "SQL Server Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40370"
            }
          ],
          "title": "SQL Server Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-40370",
        "datePublished": "2026-05-12T16:59:21.097Z",
        "dateReserved": "2026-04-11T23:06:15.615Z",
        "dateUpdated": "2026-06-19T16:12:53.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32176 (GCVE-0-2026-32176)

    Vulnerability from cvelistv5 – Published: 2026-04-14 16:58 – Updated: 2026-06-19 16:08
    VLAI
    Title
    SQL Server Elevation of Privilege Vulnerability
    Summary
    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Date Public
    2026-04-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32176",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T03:57:07.486601Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T19:15:11.897Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6485.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7080.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3525.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2105.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 32)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4465.1",
                  "status": "affected",
                  "version": "15.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2165.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1175.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4250.1",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 (CU 3)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.4030.1",
                  "status": "affected",
                  "version": "17.0.4030.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.1110.1",
                  "status": "affected",
                  "version": "17.0.1050.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.4030.1",
                      "versionStartIncluding": "17.0.4030.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.1110.1",
                      "versionStartIncluding": "17.0.1050.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4250.1",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2105.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2165.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6485.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7080.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3525.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1175.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4465.1",
                      "versionStartIncluding": "15.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-04-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in SQL Server allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:08:45.679Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "SQL Server Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176"
            }
          ],
          "title": "SQL Server Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32176",
        "datePublished": "2026-04-14T16:58:32.054Z",
        "dateReserved": "2026-03-11T00:26:53.425Z",
        "dateUpdated": "2026-06-19T16:08:45.679Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32167 (GCVE-0-2026-32167)

    Vulnerability from cvelistv5 – Published: 2026-04-14 16:57 – Updated: 2026-06-19 16:07
    VLAI
    Title
    SQL Server Elevation of Privilege Vulnerability
    Summary
    Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Date Public
    2026-04-14 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32167",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-15T03:57:08.611733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-15T10:34:13.625Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.6485.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "13.0.7080.1",
                  "status": "affected",
                  "version": "13.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (CU 31)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.3525.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2017 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.2105.1",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (CU 32)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.4465.1",
                  "status": "affected",
                  "version": "15.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2019 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.0.2165.1",
                  "status": "affected",
                  "version": "15.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.1175.1",
                  "status": "affected",
                  "version": "16.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.4250.1",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 (CU 3)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.4030.1",
                  "status": "affected",
                  "version": "17.0.4030.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "x64-based Systems"
              ],
              "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.1110.1",
                  "status": "affected",
                  "version": "17.0.1050.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.4030.1",
                      "versionStartIncluding": "17.0.4030.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.4250.1",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.2105.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.2165.1",
                      "versionStartIncluding": "15.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.6485.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*",
                      "versionEndExcluding": "13.0.7080.1",
                      "versionStartIncluding": "13.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "16.0.1175.1",
                      "versionStartIncluding": "16.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*",
                      "versionEndExcluding": "14.0.3525.1",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "17.0.1110.1",
                      "versionStartIncluding": "17.0.1050.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
                      "versionEndExcluding": "15.0.4465.1",
                      "versionStartIncluding": "15.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-04-14T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of special elements used in an sql command (\u0027sql injection\u0027) in SQL Server allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T16:07:57.371Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "SQL Server Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167"
            }
          ],
          "title": "SQL Server Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-32167",
        "datePublished": "2026-04-14T16:57:30.245Z",
        "dateReserved": "2026-03-10T23:09:43.266Z",
        "dateUpdated": "2026-06-19T16:07:57.371Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }