SQL Server allows execution of malicious code over the network

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

SQL Server allows execution of malicious code over the network

CVE-2026-33120

Summary

An attacker with authorized access to SQL Server can potentially execute malicious code on a network, allowing them to access or modify sensitive data. This can happen if the attacker knows how to exploit a specific vulnerability in the software. To mitigate this risk, ensure that all users and administrators follow proper security protocols and keep their SQL Server software up to date with the latest security patches.

Original title

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

Original description

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

nvd CVSS3.1 8.8

Vulnerability type

CWE-822

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33120

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026