Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Microsoft SQL Server 2025 (CU 4)

Source -

CNA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2026-40370
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-Not Assigned
Published-12 May, 2026 | 16:59
Updated-13 May, 2026 | 10:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL Server Remote Code Execution Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (CU 31)Microsoft SQL Server 2022 for x64-based Systems (CU 24)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2022 (GDR)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2025 (CU 4)
CWE ID-CWE-73
External Control of File Name or Path