Sql Server 2022 Microsoft Sql Server 2022

  1. Vendors
  2. Microsoft
  3. Sql Server 2022

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Sql Server 2022.

By the Year

In 2026 there have been 1 vulnerability in Microsoft Sql Server 2022 with an average score of 7.2 out of ten. Last year, in 2025 Sql Server 2022 had 11 security vulnerabilities published. Right now, Sql Server 2022 is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 1.13

Year Vulnerabilities Average Score
2026 1 7.20
2025 11 8.33
2024 90 8.66

It may take a day or so for new Sql Server 2022 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Sql Server 2022 Security Vulnerabilities

Jan 2026: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2026-20803 7.2 - High - January 13, 2026

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

Missing Authentication for Critical Function

Nov 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-59499 8.8 - High - November 11, 2025

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

SQL Injection

Sep 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-55227 8.8 - High - September 09, 2025

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Command Injection

Sep 2025: Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-47997 6.5 - Medium - September 09, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

Race Condition

Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-24999 8.8 - High - August 12, 2025

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Authorization

Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-47954 8.8 - High - August 12, 2025

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

SQL Injection

Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-49758 8.8 - High - August 12, 2025

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Improper Privilege Management

Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-49759 8.8 - High - August 12, 2025

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

SQL Injection

Aug 2025: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2025-53727 8.8 - High - August 12, 2025

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

SQL Injection

Jul 2025: Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2025-49717 8.5 - High - July 08, 2025

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2025: Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-49718 7.5 - High - July 08, 2025

Use of uninitialized resource in SQL Server allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2025: Microsoft SQL Server Information Disclosure Vulnerability
CVE-2025-49719 7.5 - High - July 08, 2025

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

Improper Input Validation

Microsoft SQL Server XEvent Configuration Remote Code Execution Vulnerability
CVE-2024-49043 7.8 - High - November 12, 2024

Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

Untrusted Path

Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2024-49021 7.8 - High - November 12, 2024

Microsoft SQL Server Remote Code Execution Vulnerability

Dangling pointer

Microsoft SQL Server EoP Vulnerability
CVE-2024-37965 8.8 - High - September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability

Improper Input Validation

SQL Server Native Scoring Info Disclosure Vulnerability
CVE-2024-37342 4.3 - Medium - September 10, 2024

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

Out-of-bounds Read

Microsoft SQL Server Elevation of Privilege Vulnerability CVE-2024-37341
CVE-2024-37341 9.8 - Critical - September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability

Authorization

Remote Code Execution in Microsoft SQL Server Native Scoring
CVE-2024-37340 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Untrusted Pointer Dereference

Microsoft SQL Server RCE via Native Scoring
CVE-2024-37339 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Microsoft SQL Server RCE via Native Scoring
CVE-2024-37338 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Out-of-bounds Read

SQL Server Native Scoring Info Disclosure Vulnerability
CVE-2024-37337 4.3 - Medium - September 10, 2024

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

Numeric Truncation Error

MS SQL Server Native RCE via Scoring Component
CVE-2024-37335 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Heap-based Buffer Overflow

SQL Server NativeScoring RCE Vulnerability (CVE-2024-26191)
CVE-2024-26191 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft SQL Server Native Scoring RCE Vulnerability (CVE-2024-26186)
CVE-2024-26186 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Dangling pointer

Microsoft SQL Server EOP Vulnerability CVE-2024-37980
CVE-2024-37980 9.8 - Critical - September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability

Microsoft SQL Server Info Disclosure via Native Scoring Function
CVE-2024-37966 7.1 - High - September 10, 2024

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

Out-of-bounds Read

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38087 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Double-free

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21308 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21317 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21331 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21332 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21333 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21335 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21373 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21398 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21414 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21415 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21425 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21428 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-28928 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Stack Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21449 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37323 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37322 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37321 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37320 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21303 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Dangling pointer

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-20701 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-35272 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37319 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Jul 2024: SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-37318 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Sql Server 2022 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Sql Server 2022
Product

subscribe