Microsoft Sql Server 2017 vulnerabilities

102 known vulnerabilities affecting microsoft/microsoft_sql_server_2017.

Total CVEs

102

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL2HIGH94MEDIUM6

Vulnerabilities

Page 1 of 6

CVE-2026-32176MEDIUMCVSS 6.7≥ 14.0.0, < 14.0.3525.1≥ 14.0.0, < 14.0.2105.12026-04-14

CVE-2026-32176 [MEDIUM] CWE-89 CVE-2026-32176: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2026-32167MEDIUMCVSS 6.7≥ 14.0.0, < 14.0.3525.1≥ 14.0.0, < 14.0.2105.12026-04-14

CVE-2026-32167 [MEDIUM] CWE-89 CVE-2026-32167: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

cvelistv5nvd

CVE-2026-21262HIGHCVSS 8.8≥ 14.0.0, < 14.0.3520.4≥ 14.0.0, < 14.0.2100.42026-03-10

CVE-2026-21262 [HIGH] CWE-284 CVE-2026-21262: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a net Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

cvelistv5nvd

CVE-2026-26115HIGHCVSS 8.8≥ 14.0.0, < 14.0.3520.4≥ 14.0.0, < 14.0.2100.42026-03-10

CVE-2026-26115 [HIGH] CWE-1287 CVE-2026-26115: Improper validation of specified type of input in SQL Server allows an authorized attacker to elevat Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

cvelistv5nvd

CVE-2025-59499HIGHCVSS 8.8≥ 14.0.0, < 14.0.3515.1≥ 14.0.0, < 14.0.2095.12025-11-11

CVE-2025-59499 [HIGH] CWE-89 CVE-2025-59499: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

cvelistv5nvd

CVE-2025-55227HIGHCVSS 8.8≥ 14.0.0, < 14.0.3505.1≥ 14.0.0, < 14.0.2085.12025-09-09

CVE-2025-55227 [HIGH] CWE-77 CVE-2025-55227: Improper neutralization of special elements used in a command ('command injection') in SQL Server al Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

cvelistv5nvd

CVE-2025-47997MEDIUMCVSS 5.3≥ 14.0.0, < 14.0.3505.1≥ 14.0.0, < 14.0.2085.12025-09-09

CVE-2025-47997 [MEDIUM] CWE-200 CVE-2025-47997: Concurrent execution using shared resource with improper synchronization ('race condition') in SQL S Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

cvelistv5nvd

CVE-2025-49759HIGHCVSS 8.8≥ 14.0.0, < 14.0.3500.1≥ 14.0.0, < 14.0.2080.12025-08-12

CVE-2025-49759 [HIGH] CWE-89 CVE-2025-49759: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

cvelistv5nvd

CVE-2025-24999HIGHCVSS 8.8≥ 14.0.0, < 14.0.3500.1≥ 14.0.0, < 14.0.2080.12025-08-12

CVE-2025-24999 [HIGH] CWE-284 CVE-2025-24999: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a net Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

cvelistv5nvd

CVE-2025-49758HIGHCVSS 8.8≥ 14.0.0, < 14.0.3500.1≥ 14.0.0, < 14.0.2080.12025-08-12

CVE-2025-49758 [HIGH] CWE-269 CVE-2025-49758: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

cvelistv5nvd

CVE-2025-53727HIGHCVSS 8.8≥ 14.0.0, < 14.0.3500.1≥ 14.0.0, < 14.0.2080.12025-08-12

CVE-2025-53727 [HIGH] CWE-89 CVE-2025-53727: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

cvelistv5nvd

CVE-2025-49719HIGHCVSS 7.5≥ 14.0.0, < 14.0.3495.9≥ 14.0.0, < 14.0.2075.82025-07-08

CVE-2025-49719 [HIGH] CWE-20 CVE-2025-49719: Improper input validation in SQL Server allows an unauthorized attacker to disclose information over Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

cvelistv5nvd

CVE-2024-48993HIGHCVSS 8.8≥ 14.0.0, < 14.0.2070.1≥ 14.0.0, < 14.0.3485.12024-11-12

CVE-2024-48993 [HIGH] CWE-122 CVE-2024-48993: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-49008HIGHCVSS 8.8≥ 14.0.0, < 14.0.2070.1≥ 14.0.0, < 14.0.3485.12024-11-12

CVE-2024-49008 [HIGH] CWE-122 CVE-2024-49008: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-49017HIGHCVSS 8.8≥ 14.0.0, < 14.0.2070.1≥ 14.0.0, < 14.0.3485.12024-11-12

CVE-2024-49017 [HIGH] CWE-122 CVE-2024-49017: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-49011HIGHCVSS 8.8≥ 14.0.0, < 14.0.2070.1≥ 14.0.0, < 14.0.3485.12024-11-12

CVE-2024-49011 [HIGH] CWE-122 CVE-2024-49011: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-49009HIGHCVSS 8.8≥ 14.0.0, < 14.0.2070.1≥ 14.0.0, < 14.0.3485.12024-11-12

CVE-2024-49009 [HIGH] CWE-122 CVE-2024-49009: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-49003HIGHCVSS 8.8≥ 14.0.0, < 14.0.2070.1≥ 14.0.0, < 14.0.3485.12024-11-12

CVE-2024-49003 [HIGH] CWE-416 CVE-2024-49003: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-49021HIGHCVSS 7.8≥ 14.0.0, < 14.0.2070.1≥ 14.0.0, < 14.0.3485.12024-11-12

CVE-2024-49021 [HIGH] CWE-416 CVE-2024-49021: Microsoft SQL Server Remote Code Execution Vulnerability Microsoft SQL Server Remote Code Execution Vulnerability

cvelistv5nvd

CVE-2024-48995HIGHCVSS 8.8≥ 14.0.0, < 14.0.2070.1≥ 14.0.0, < 14.0.3485.12024-11-12

CVE-2024-48995 [HIGH] CWE-122 CVE-2024-48995: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

cvelistv5nvd

1 / 6Next →