KB5084819: This fix addresses an elevation of privilege vulnerability in SQL Server

KB5084819 - Description of the security update for SQL Server 2017 GDR: April 14, 2026

Summary
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:

• CVE-2026-32167 - SQL Server Elevation of Privilege Vulnerability​​​​​​​
• CVE-2026-32176 - SQL Server Elevation of Privilege Vulnerability

The Microsoft SQL Server components are updated to the following builds in this security update:

• SQL Server - product version: 14.0.2105.1, file version: 2017.140.2105.1

Improvements and fixes included in this update
A downloadable Microsoft Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists. Download this Excel file now.

Bug Reference: 5029730
Description: This fix addresses an elevation of privilege vulnerability in SQL Server linked servers that allows a low-privileged SQL Server user to gain sysadmin permissions.
Fix Area: SQL Server Engine
Component: PolyBase
Platform: Linux, Windows

Bug Reference: 4999192
Description: This fix resolves an issue in SQL Server in which improper neutralization of special elements in SQL commands (SQL injection) allows an authorized attacker to elevate privileges over a network.
Fix Area: SQL Server Engine
Component: SQL Agent
Platform: Windows
Let me know if you want it in a different format (e.g., markdown table, bullet points, or CSV style for easy copy-paste into Excel).