Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Microsoft SQL Server 2022 for x64-based Systems (CU 24)

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-40370
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.29%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-09 Jun, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Server Remote Code Execution Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft SQL Server 2025 (CU 4)Microsoft SQL Server 2022 for x64-based Systems (CU 24)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (CU 31)Microsoft SQL Server 2017 (GDR)
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-32176
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.08%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-01 Jun, 2026 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft SQL Server 2022 for x64-based Systems (CU 24)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2025 (CU 3)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (CU 31)Microsoft SQL Server 2017 (GDR)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-32167
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 21.08%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:57
Updated-01 Jun, 2026 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2025sql_server_2022sql_server_2016sql_server_2019sql_server_2017Microsoft SQL Server 2022 for x64-based Systems (CU 24)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2025 (CU 3)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (CU 31)Microsoft SQL Server 2017 (GDR)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')