What is CVE-2023-32026?

CVE-2023-32026 is a vulnerability in the Microsoft ODBC Driver for SQL Server that allows remote code execution.

How severe is CVE-2023-32026?

CVE-2023-32026 has a severity rating of 7.8, which is considered high.

Which software products are affected by CVE-2023-32026?

CVE-2023-32026 affects the Microsoft ODBC Driver 17 and 18 for SQL Server on Windows, MacOS, and Linux, as well as the SQL Server 2022 (CU 5) and 2019 (CU 21).

How can I fix CVE-2023-32026?

To fix CVE-2023-32026, you should apply the patches or updates provided by Microsoft for the affected ODBC drivers or SQL Server versions.

Where can I find more information about CVE-2023-32026?

You can find more information about CVE-2023-32026 on the Microsoft Security Response Center website.

Vulnerability/
CVE-2023-32026

high

7.8

CWE

122

15/6/2023

16/6/2023

1/1/2025

CVE-2023-32026: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

First published: Thu Jun 15 2023(Updated: )

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft SQL Server 2019 (CU 21)		fix available externally
Microsoft SQL Server 2022 (CU 5)		fix available externally
Microsoft ODBC Driver 18 for SQL Server on Windows	>=17.0.1.1<17.10.4.1
Microsoft ODBC Driver 18 for SQL Server on MacOS	>=17.0.1.1<17.10.4.1
Microsoft SQL Server 2022 (CU 5)	>=17.0.1.1<17.10.4.1
Microsoft ODBC Driver 18 for SQL Server on Windows	>=18.0.1.1<18.2.1.1
Microsoft ODBC Driver 18 for SQL Server on MacOS	>=18.0.1.1<18.2.1.1
Microsoft SQL Server 2022 (CU 5)	>=18.0.1.1<18.2.1.1
Microsoft SQL Server	=2019
Microsoft SQL Server	=2022
Microsoft ODBC Driver 18 for SQL Server on Linux		fix available externally
Microsoft ODBC Driver 17 for SQL Server on Windows		fix available externally
Microsoft ODBC Driver 17 for SQL Server on MacOS		fix available externally
Microsoft ODBC Driver 17 for SQL Server on Linux		fix available externally
Microsoft Visual Studio 2019 (includes 16.0 - 16.10)	=16.11	fix available externally
Microsoft ODBC Driver 18 for SQL Server on Windows		fix available externally
Microsoft ODBC Driver 18 for SQL Server on MacOS		fix available externally
Microsoft Visual Studio 2022	=17.8	fix available externally
Microsoft Visual Studio 2022	=17.2	fix available externally
Microsoft Visual Studio 2022	=17.6	fix available externally
Microsoft Odbc Driver For Sql Server	>=17.0.1.1<17.10.4.1
Microsoft Odbc Driver For Sql Server	>=17.0.1.1<17.10.4.1
Microsoft Odbc Driver For Sql Server	>=17.0.1.1<17.10.4.1
Microsoft Odbc Driver For Sql Server	>=18.0.1.1<18.2.1.1
Microsoft Odbc Driver For Sql Server	>=18.0.1.1<18.2.1.1
Microsoft Odbc Driver For Sql Server	>=18.0.1.1<18.2.1.1

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026 (Advisory)

Frequently Asked Questions

What is CVE-2023-32026?
CVE-2023-32026 is a vulnerability in the Microsoft ODBC Driver for SQL Server that allows remote code execution.
How severe is CVE-2023-32026?
CVE-2023-32026 has a severity rating of 7.8, which is considered high.
Which software products are affected by CVE-2023-32026?
CVE-2023-32026 affects the Microsoft ODBC Driver 17 and 18 for SQL Server on Windows, MacOS, and Linux, as well as the SQL Server 2022 (CU 5) and 2019 (CU 21).
How can I fix CVE-2023-32026?
To fix CVE-2023-32026, you should apply the patches or updates provided by Microsoft for the affected ODBC drivers or SQL Server versions.
Where can I find more information about CVE-2023-32026?
You can find more information about CVE-2023-32026 on the Microsoft Security Response Center website.

collector/msrc-cve
collector/nvd-index
agent/type
agent/first-publish-date
collector/msrc
source/Microsoft
agent/software-canonical-lookup
agent/remedy
agent/severity
agent/title
agent/references
agent/description
agent/software-canonical-lookup-request
agent/event
collector/nvd-api
source/NVD
agent/author
agent/weakness
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/microsoft
canonical/microsoft sql server 2019 (cu 21)
canonical/microsoft sql server 2022 (cu 5)
canonical/microsoft odbc driver 18 for sql server on windows
version/microsoft odbc driver 18 for sql server on windows/17.0.1.1
canonical/microsoft odbc driver 18 for sql server on macos
version/microsoft odbc driver 18 for sql server on macos/17.0.1.1
version/microsoft sql server 2022 (cu 5)/17.0.1.1
version/microsoft odbc driver 18 for sql server on windows/18.0.1.1
version/microsoft odbc driver 18 for sql server on macos/18.0.1.1
version/microsoft sql server 2022 (cu 5)/18.0.1.1
canonical/microsoft sql server
version/microsoft sql server/2019
version/microsoft sql server/2022
canonical/microsoft odbc driver 18 for sql server on linux
canonical/microsoft odbc driver 17 for sql server on windows
canonical/microsoft odbc driver 17 for sql server on macos
canonical/microsoft odbc driver 17 for sql server on linux
canonical/microsoft visual studio 2019 (includes 16.0 - 16.10)
version/microsoft visual studio 2019 (includes 16.0 - 16.10)/16.11
canonical/microsoft visual studio 2022
version/microsoft visual studio 2022/17.2
version/microsoft visual studio 2022/17.8
version/microsoft visual studio 2022/17.6
version/microsoft visual studio 2022/17.4
canonical/microsoft odbc driver for sql server
version/microsoft odbc driver for sql server/17.0.1.1
version/microsoft odbc driver for sql server/18.0.1.1