CVE-2026-33120
published 2026-04-14
CVE-2026-33120: Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
high 8.8 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_sql_server_2022 | >= 16.0.0 < 16.0.1175.1 | 16.0.1175.1 |
| microsoft | sql_server_2016 | >= 13.0.6300.2 < 13.0.6485.1 | 13.0.6485.1 |
| microsoft | sql_server_2016 | >= 13.0.7000.253 < 13.0.7080.1 | 13.0.7080.1 |
| microsoft | sql_server_2017 | >= 14.0.1000.169 < 14.0.2105.1 | 14.0.2105.1 |
| microsoft | sql_server_2017 | >= 14.0.3006.16 < 14.0.3525.1 | 14.0.3525.1 |
| microsoft | sql_server_2019 | >= 15.0.2000.5 < 15.0.2165.1 | 15.0.2165.1 |
| microsoft | sql_server_2019 | >= 15.0.4003.23 < 15.0.4465.1 | 15.0.4465.1 |
| microsoft | sql_server_2022 | >= 16.0.1000.6 < 16.0.1175.1 | 16.0.1175.1 |
| microsoft | sql_server_2022 | >= 16.0.4003.1 < 16.0.4250.1 | 16.0.4250.1 |
| microsoft | sql_server_2025 | >= 17.0.1000.7 < 17.0.1110.1 | 17.0.1110.1 |
| microsoft | sql_server_2025 | >= 17.0.4006.2 < 17.0.4030.1 | 17.0.4030.1 |