CRITICAL SEVERITY
CVE-2024-43468 · Microsoft · Configuration Manager

Microsoft Configuration Manager SQL Injection Vulnerability

Technical Severity

CVSS v3.1 Metrics

CRITICAL
9.8 / 10
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

Predictive Probability
84.62%
Percentile Rank
99.3th

Documented as more likely to be exploited than 99.3% of known CVEs.

Detection Date

Feb 12, 2026

Remediation Due

Mar 05, 2026

CISA Catalog Active

Threat Analysis

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment, which are processed in an unsafe manner, enabling the attacker to execute commands on the server and/or underlying database.

Remediation Directive

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

External Intelligence