Primary

Context

Microsoft SQL Server Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in Microsoft SQL Server. This issue arises from an untrusted pointer dereference, allowing an authorized attacker to execute code over the network. The vulnerability affects several versions of SQL Server, including SQL Server 2022, 2019, 2017, and 2016, with specific update guidance available for each version.

Impact

Exploitation of this vulnerability could lead to remote code execution, with the attacker gaining SQL sysadmin privileges.

Remediation

Users should update to the latest security update for their version of SQL Server. Specific update instructions can be found in the Microsoft Security Update Guide.

Added: Apr 14, 2026, 7:02 PM

Updated: Apr 14, 2026, 7:02 PM

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

10.0

exploitability

4.3

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.1

impact

10.0

exploitability

4.3

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft SQL Server Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Microsoft SQL Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating