PT-2026-58224 · Microsoft · Sql Server 2025

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-54117

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions SQL Server 2025 versions prior to 17.0.4060.2
Description Deserialization of untrusted data allows an authorized attacker to execute code over a network. Deserialization is the process of converting a data stream back into an object, which can be exploited if the input is not properly validated.
Recommendations Update SQL Server 2025 to version 17.0.4060.2.

Fix

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-54117

Affected Products

Sql Server 2025