CVE-2026-54118

Microsoft · SQL Server

A deserialization of untrusted data flaw in various Microsoft SQL Server releases allows authenticated attackers to execute code over a network.

Executive summary

A deserialization vulnerability across multiple legacy and current SQL Server versions allows authenticated attackers to gain remote code execution capabilities.

Vulnerability

This vulnerability involves the insecure deserialization of untrusted data, which can be weaponized by an authenticated attacker to execute code remotely. The flaw exists due to insufficient validation of incoming data streams within the SQL Server engine.

Business impact

With a CVSS score of 8.8, this flaw poses a substantial threat to the stability and security of enterprise databases. Successful exploitation allows an attacker to gain control over the server, which could result in the theft of proprietary data or the deployment of ransomware within the database environment.

Remediation

Immediate Action: Apply the specific security updates for your version of SQL Server as detailed in the Microsoft security advisory.

Proactive Monitoring: Monitor network traffic and database logs for unusual connection patterns or signs of code injection within the database environment.

Compensating Controls: Use network segmentation to isolate SQL Server instances from non-essential network segments, ensuring that only trusted users and applications can communicate with the service.

Exploitation status

Public Exploit Available: No (exploit_available: false).

Analyst recommendation

Due to the breadth of affected software versions, security teams must perform a thorough inventory of their database estate. Prioritize patching systems that host highly sensitive data to mitigate the risk of remote exploitation.