CVE-2026-54117

Microsoft · SQL Server

A deserialization vulnerability in Microsoft SQL Server allows an authenticated attacker to execute arbitrary code over the network.

Executive summary

A deserialization of untrusted data in Microsoft SQL Server creates a critical risk of remote code execution for authenticated users.

Vulnerability

The software fails to properly sanitize deserialized data, which can be manipulated by an authenticated attacker to trigger arbitrary code execution. This vulnerability is accessible over the network, requiring the attacker to have established a valid user session.

Business impact

This vulnerability carries a CVSS score of 8.8, reflecting the high impact of remote code execution on database infrastructure. If exploited, an attacker could compromise the entire database environment, leading to unauthorized data access, modification, or total destruction of business-critical information.

Remediation

Immediate Action: Update Microsoft SQL Server instances to the latest available cumulative update or GDR version provided by the vendor.

Proactive Monitoring: Review SQL Server error logs and audit trails for anomalous deserialization errors or unexpected administrative activities.

Compensating Controls: Ensure that access to the SQL Server network port is strictly limited to authorized application servers and administrative workstations via firewall rules.

Exploitation status

Public Exploit Available: No (exploit_available: false).

Analyst recommendation

Organizations running the affected versions of SQL Server should schedule emergency maintenance to apply the necessary security updates. Protecting the database layer is essential to preventing lateral movement and ensuring the confidentiality of enterprise data.