CVE-2026-54117
Received Received - Intake

Deserialization Flaw in SQL Server Permits Remote Code Execution

Vulnerability report for CVE-2026-54117, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Deserialization of untrusted data in SQL Server allows an authorized attacker to execute code over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft sql_server *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-54117 is a vulnerability in Microsoft SQL Server involving the deserialization of untrusted data. Deserialization is the process of converting data from a stored or transmitted format back into an object. When untrusted data is deserialized, an attacker can manipulate this process to execute arbitrary code.

In this case, an authorized attacker with network access to the SQL Server can exploit this flaw to execute code remotely. This means the attacker does not need physical access to the system but can trigger the vulnerability over a network connection.

The vulnerability is classified as a remote code execution (RCE) issue, which is considered critical due to its potential impact.

Impact Analysis

This vulnerability can have severe consequences if exploited. Here are the potential impacts:

  • Unauthorized code execution: An attacker could run malicious code on the affected SQL Server, potentially gaining control over the system.
  • Data breaches: The attacker could access, modify, or delete sensitive data stored in the SQL Server database.
  • System compromise: The attacker could use the compromised SQL Server as a foothold to move laterally within the network, targeting other systems.
  • Service disruption: The attacker could disrupt database operations, leading to downtime or loss of service availability.

The CVSS base score of 8.8 indicates a high severity, meaning the vulnerability poses a significant risk if not mitigated.

Compliance Impact

This vulnerability can impact compliance with several common standards and regulations, depending on the data handled by the affected SQL Server. Here are some potential implications:

  • GDPR (General Data Protection Regulation): If the SQL Server processes personal data of EU citizens, a breach resulting from this vulnerability could lead to unauthorized access or disclosure of personal data. This may violate GDPR requirements for data protection and could result in significant fines or legal action.
  • HIPAA (Health Insurance Portability and Accountability Act): If the SQL Server stores or processes protected health information (PHI), exploitation of this vulnerability could lead to unauthorized access to PHI. This would violate HIPAA's security and privacy rules, potentially resulting in penalties and mandatory corrective actions.
  • PCI DSS (Payment Card Industry Data Security Standard): If the SQL Server handles payment card data, a breach could expose cardholder information, violating PCI DSS requirements. This could lead to fines, increased transaction fees, or loss of the ability to process payments.
  • SOX (Sarbanes-Oxley Act): For organizations subject to SOX, a breach could compromise the integrity of financial data, leading to non-compliance with SOX requirements for data security and accuracy.

In all cases, organizations must ensure they have appropriate security measures in place to mitigate such vulnerabilities and maintain compliance with relevant regulations.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the deserialization of untrusted data vulnerability in SQL Server (CVE-2026-54117). Detection typically involves monitoring network traffic for unusual deserialization patterns or using security tools to scan for vulnerable SQL Server instances.

Microsoft may provide detection guidance or tools in their official update guide or security advisories. Checking the Microsoft Security Response Center (MSRC) portal for this CVE is recommended for the latest detection methods.

Mitigation Strategies

To mitigate CVE-2026-54117, follow these immediate steps:

  • Apply the latest security updates provided by Microsoft for SQL Server. The official patch is the primary mitigation for this vulnerability.
  • Restrict network access to SQL Server instances to trusted users and systems only. Use firewalls or network segmentation to limit exposure.
  • Monitor for unusual activity or unauthorized access attempts on SQL Server instances.
  • Review and validate all serialized data inputs to SQL Server to ensure they come from trusted sources.

For detailed mitigation steps, refer to the official Microsoft update guide for CVE-2026-54117.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54117. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart