SQL Server

See the latest tracked release, confirm when it was published, and subscribe for update emails.

2025 CU 2025 GDR 2022 CU 2022 GDR 2019 CU 2019 GDR 2017 CU 2017 GDR 2016 Azure Connect Pack GDR 2016 SP3 GDR

Current version

Last checked: yesterday

CU24 + GDR (16.0.4250.1)

Release date: April 14, 2026
CVE status: 3 visible CVEs

Source

Vendor Release Information

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version	Published	Notes
CU24 + GDR (16.0.4250.1)	2026-04-14	Release Notes
CU24 (16.0.4245.2)	2026-03-12	Release Notes

Vulnerability tracking

Review curated CVEs for this product and see whether the current version is marked affected. Only CVEs with a CVSS score of 7.0 or higher and published in the last 90 days are shown.

CVE	Severity	Published	Status	Summary
CVE-2026-26116	HIGH (8.8)	2026-03-10	Current versionnot affected	Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Affected versions From (including) 16.0.1000.6 - Up to (excluding) 16.0.1170.5 From (including) 16.0.4003.1 - Up to (excluding) 16.0.4240.4
CVE-2026-26115	HIGH (8.8)	2026-03-10	Current versionnot affected	Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network. Affected versions From (including) 16.0.1000.6 - Up to (excluding) 16.0.1170.5 From (including) 16.0.4003.1 - Up to (excluding) 16.0.4240.4
CVE-2026-21262	HIGH (8.8)	2026-03-10	Current versionnot affected	Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. Affected versions From (including) 16.0.1000.6 - Up to (excluding) 16.0.1170.5 From (including) 16.0.4003.1 - Up to (excluding) 16.0.4240.4