Not a user yet?
Log in Register for free Suggest a product
Update

KB5090407: addresses an XML external entity (XXE) vulnerability in the Web Service Task

SQL Server 2019SQL Server 2019
Microsoft

KB5090407 - Description of the security update for SQL Server 2019 CU32: May 12, 2026

Summary
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:

  • CVE-2026-40370 - SQL Server Remote Code Execution Vulnerability​​​​​​​​​​​​​​

The Microsoft SQL Server components are updated to the following builds in this security update:

  • SQL Server - product version: 15.0.4470.1 file version: 2019.150.4470.1

Improvements and fixes included in this update
A downloadable Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists.

5131009: This fix addresses an XML external entity (XXE) vulnerability in the Web Service Task that allows an attacker to read arbitrary files from the local file system or cause a denial-of-service (DoS) attack.

More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Microsoft updates

More from the Apps & Software section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad