Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMicrosoft Sql Server 2016
APPMicrosoft13.0.6300.2 – 13.0.6485.1 (bez)13.0.7000.253 – 13.0.7080.1 (bez)Microsoft Sql Server 2017
APPMicrosoft14.0.1000.169 – 14.0.2105.1 (bez)14.0.3006.16 – 14.0.3525.1 (bez)Microsoft Sql Server 2019
APPMicrosoft15.0.2000.5 – 15.0.2165.1 (bez)15.0.4003.23 – 15.0.4465.1 (bez)Microsoft Sql Server 2022
APPMicrosoft16.0.1000.6 – 16.0.1175.1 (bez)16.0.4003.1 – 16.0.4250.1 (bez)Microsoft Sql Server 2025
APPMicrosoft17.0.1000.7 – 17.0.1110.1 (bez)17.0.4006.2 – 17.0.4030.1 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2026-40370HIGH8.8ten sam produkt
External control of file name or path in SQL Server allows an authorized attacker to execute code over a netwo...
CVE-2026-21262HIGH8.8ten sam produkt
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26116HIGH8.8ten sam produkt
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an a...
CVE-2026-26115HIGH8.8ten sam produkt
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileg...
CVE-2026-20803HIGH7.2ten sam produkt
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges...