CVE-2026-40370

Medienbericht

EPSS 0.06%
Veröffentlicht 12.05.2026 16:59:21
Zuletzt bearbeitet 13.05.2026 15:34:52
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

SQL Server Remote Code Execution Vulnerability

External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

CNA 10 VulnDex Vulnerability Enrichment 4

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2016 Service Pack 3 (GDR)

Version 13.0.0

Version < 13.0.6490.1

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack

Version 13.0.0

Version < 13.0.7085.1

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2017 (CU 31)

Version 14.0.0

Version < 14.0.3530.2

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2017 (GDR)

Version 14.0.0

Version < 14.0.2110.2

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2019 (CU 32)

Version 15.0.0.0

Version < 15.0.4470.1

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2019 (GDR)

Version 15.0.0

Version < 15.0.2170.1

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2022 (GDR)

Version 16.0.0

Version < 16.0.1180.1

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2022 for x64-based Systems (CU 24)

Version 16.0.0.0

Version < 16.0.4252.3

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2025 (CU 4)

Version 17.0.4040.1

Version < 17.0.4040.1

Status affected

HerstellerMicrosoft

≫

Produkt Microsoft SQL Server 2025 for x64-based Systems (GDR)

Version 17.0.1050.2

Version < 17.0.1115.1

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.197

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2026-patch-tuesday-fixes-120-flaws-no-zero-days/

Media Report

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40370

https://nvd.nist.gov/vuln/detail/CVE-2026-40370

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-40370

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-40370

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-40370