Not a user yet?
Log in Register for free Suggest a product
Update

KB5090408: addresses an XML external entity (XXE) vulnerability in the Web Service Task

SQL Server 2019SQL Server 2019
Microsoft

KB5090408 - Description of the security update for SQL Server 2019 GDR: May 12, 2026

Summary
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:

  • CVE-2026-40370 - SQL Server Remote Code Execution Vulnerability​​​​​​​​​​​​​​

The Microsoft SQL Server components are updated to the following builds in this security update:

  • SQL Server - product version: 15.0.2170.1, file version: 2019.150.2170.1

Improvements and fixes included in this update
A downloadable Microsoft Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available.

Bug Fixes:

  • 5131013: This fix addresses an XML external entity (XXE) vulnerability in the Web Service Task that allows an attacker to read arbitrary files from the local file system or cause a denial-of-service (DoS) attack.
More updatesTo the product
Receive Important Update Messages Stay tuned for upcoming Microsoft updates

More from the Apps & Software section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad