Microsoft Microsoft Sql Server 2017 (Cu 31)
101 CVEs affecting Microsoft Microsoft Sql Server 2017 (Cu 31). Latest disclosed: 2026-05-12. Critical: 0, High: 97.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40370 | High | 8.8 | 2026-05-12 | External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. |
CVE-2026-26115 | High | 8.8 | 2026-03-10 | Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2026-21262 | High | 8.8 | 2026-03-10 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-59499 | High | 8.8 | 2025-11-11 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
CVE-2025-55227 | High | 8.8 | 2025-09-09 | Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a ne… |
CVE-2025-49759 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
CVE-2025-24999 | High | 8.8 | 2025-08-12 | Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. |
CVE-2025-53727 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
CVE-2025-49758 | High | 8.8 | 2025-08-12 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a n… |
CVE-2024-49018 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49017 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49016 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49015 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49014 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49013 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49012 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49011 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49010 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49009 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
CVE-2024-49008 | High | 8.8 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |