Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HMicrosoft Ole Db Driver For Sql Server
APPMicrosoft18.0.2 – 18.7.0002.0 (bez)19.0.0 – 19.3.0003.0 (bez)Microsoft Sql Server 2019
APPMicrosoft15.0.2000.5 – 15.0.2110.4 (bez)15.0.4003.23 – 15.0.4360.2 (bez)Microsoft Sql Server 2022
APPMicrosoft16.0.1000.6 – 16.0.1115.1 (bez)16.0.4003.1 – 16.0.4120.1 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCE
Powiązane podatności
CVE-2026-40370HIGH8.8ten sam produkt
External control of file name or path in SQL Server allows an authorized attacker to execute code over a netwo...
CVE-2026-33120HIGH8.8ten sam produkt
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-21262HIGH8.8ten sam produkt
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26115HIGH8.8ten sam produkt
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileg...
CVE-2026-26116HIGH8.8ten sam produkt
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an a...