Description
Multiple vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface.
Below is a complete list of vulnerabilities:
- An elevation of privilege vulnerability in Microsoft SQL Server can be exploited remotely to gain privileges.
- An information disclosure vulnerability in Microsoft SQL Server can be exploited remotely to obtain sensitive information.
- A remote code execution vulnerability in Microsoft SQL Server can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in Microsoft Fabric Data Warehouse can be exploited remotely to execute arbitrary code.
- A spoofing vulnerability in Microsoft PowerBI Report Server can be exploited remotely to spoof user interface.
Original advisories
- CVE-2026-47296
- CVE-2026-50468
- CVE-2026-54116
- CVE-2026-54117
- CVE-2026-54118
- CVE-2026-55002
- CVE-2026-56642
- CVE-2026-58647
Exploitation
CVE list
- CVE-2026-47296 unknown
- CVE-2026-54117 unknown
- CVE-2026-54118 critical
- CVE-2026-55002 unknown
- CVE-2026-58647 critical
- CVE-2026-47295 critical
- CVE-2026-50468 unknown
- CVE-2026-54116 unknown
- CVE-2026-56642 critical
KB list
Read more
Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com
Found an inaccuracy in the description of this vulnerability? Let us know!