CVE-2024-43468

unknown KEV

Published 2026-02-12 · Modified 2026-02-12

CVSS v3

—

CVSS v2

—

VIR risk

1.5

Description

Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.

CISA KEV

Vendor: Microsoft
Product: Configuration Manager
Due date: 2026-03-05

Predictions

Exploit likelihood

99%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468

Exploits

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468

Verify integrity in audit chain (admin only). AS-IS.