Back to search

Microsoft

SQL Server

See the latest tracked release, confirm when it was published, and subscribe for update emails.

2025 CU Switch to this train 2025 GDR Current train 2022 CU Switch to this train 2022 GDR Switch to this train 2019 CU Switch to this train 2019 GDR Switch to this train 2017 CU Switch to this train 2017 GDR Switch to this train 2016 Azure Connect Pack GDR Switch to this train 2016 SP3 GDR Switch to this train
Current version
Last checked: 2026-06-03

GDR (17.0.1115.1)

Release date
May 12, 2026
Security status
Current version appears affected by 3 high-severity CVEs.

Source

Vendor Release Information

Public release notes are linked for the latest stored release.

View release notes Subscribe to updates

Release history

See the latest published releases stored for this product.

Version Published Notes
GDR (17.0.1115.1) 2026-05-12 Release Notes
GDR (17.0.1110.1) 2026-04-14 Release Notes
GDR (17.0.1105.2) 2026-03-10 Release Notes

Vulnerability tracking

versionPing monitors CVEs for this product. Matching CVEs are listed below. We only display CVEs with a CVSS score of 7.0 or higher that were published within the last 90 days.

Affected status is inferred from published affected version ranges where available. Always verify against the vendor advisory before making production decisions.

CVE Severity Published Status Summary
CVE-2026-33120 HIGH (8.8) 2026-04-14 Current versionnot affected

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

Affected versions
  • From (including) 17.0.1000.7 - Up to (excluding) 17.0.1110.1
  • From (including) 17.0.4006.2 - Up to (excluding) 17.0.4030.1
CVE-2026-32176 HIGH (7.8) 2026-04-14 Current versionnot affected

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

Affected versions
  • From (including) 17.0.1000.7 - Up to (excluding) 17.0.1110.1
  • From (including) 17.0.4006.2 - Up to (excluding) 17.0.4030.1
CVE-2026-32167 HIGH (7.8) 2026-04-14 Current versionnot affected

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

Affected versions
  • From (including) 17.0.1000.7 - Up to (excluding) 17.0.1110.1
  • From (including) 17.0.4006.2 - Up to (excluding) 17.0.4030.1
CVE-2026-26116 HIGH (8.8) 2026-03-10 Current versionaffected

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Affected versions
  • From (including) 17.0.1000.7 - Up to (excluding) 17.0.1105.2
  • From (including) 17.0.4006.2 - Up to (excluding) 17.0.4020.2
CVE-2026-26115 HIGH (8.8) 2026-03-10 Current versionaffected

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

Affected versions
  • From (including) 17.0.1000.7 - Up to (excluding) 17.0.1050.2
  • From (including) 17.0.4006.2 - Up to (excluding) 17.0.4020.2
CVE-2026-21262 HIGH (8.8) 2026-03-10 Current versionaffected

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Affected versions
  • From (including) 17.0.1000.7 - Up to (excluding) 17.0.1105.2
  • From (including) 17.0.4006.2 - Up to (excluding) 17.0.4020.2
versionPing is an unofficial free service that tracks software releases and notifies you when CVEs and updates are available. Built by an engineer for engineers.ImprintPrivacy Notice