Microsoft SQL Server Native Scoring CVE-2024-26186 Remote Code Execution Vulnerability
Description
Use-after-free in SQL Server Native Scoring enables authenticated remote code execution on SQL Server 2016 SP3, 2017, 2019, 2022 and Azure IaaS; apply the latest CU/GDR updates or OLE DB Driver 18/19 to mitigate.
Affected Applications
Microsoft SQL Server 2022 for x64-based Systems (CU 14)
Microsoft SQL Server 2019 for x64-based Systems (GDR)
Microsoft SQL Server 2019 for x64-based Systems (CU 28)
Microsoft SQL Server 2017 for x64-based Systems (CU 31)
Microsoft SQL Server 2017 for x64-based Systems (GDR)
Microsoft SQL Server 2022 for x64-based Systems (GDR)
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-09-10 | 1.00736 | New | Microsoft SQL Server 2022 for x64-based Systems (CU 14), Microsoft SQL Server 2019 for x64-based Systems (GDR), Microsoft SQL Server 2019 for x64-based Systems (CU 28), Microsoft SQL Server 2017 for x64-based Systems (CU 31), Microsoft SQL Server 2017 for x64-based Systems (GDR), Microsoft SQL Server 2022 for x64-based Systems (GDR) |