Microsoft SQL Server 2019 (CU 32)
15 CVEs affecting Microsoft SQL Server 2019 (CU 32). Latest disclosed: 2026-05-12. Critical: 0, High: 12.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40370 | High | 8.8 | 2026-05-12 | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. |
| CVE-2026-26115 | High | 8.8 | 2026-03-10 | Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-21262 | High | 8.8 | 2026-03-10 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-59499 | High | 8.8 | 2025-11-11 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
| CVE-2025-55227 | High | 8.8 | 2025-09-09 | Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a ne… |
| CVE-2025-49759 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
| CVE-2025-24999 | High | 8.8 | 2025-08-12 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53727 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
| CVE-2025-49758 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
| CVE-2025-49717 | High | 8.5 | 2025-07-08 | Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network. |
| CVE-2025-49718 | High | 7.5 | 2025-07-08 | Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-49719 | High | 7.5 | 2025-07-08 | Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-32176 | Medium | 6.7 | 2026-04-14 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. |
| CVE-2026-32167 | Medium | 6.7 | 2026-04-14 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47997 | Medium | 6.5 | 2025-09-09 | Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information… |