KB5089900 - Description of the security update for SQL Server 2022 CU24: May 12, 2026
Applies To
SQL Server 2022 on Windows (all editions)SQL Server 2022 on Linux (all editions)
Release Date:
5/12/2026
Version:
16.0.4252.3
This security update contains fixes and resolves vulnerabilities. To learn more about the vulnerabilities, see the following security advisories:
The Microsoft SQL Server components are updated to the following builds in this security update:
A downloadable Excel workbook that contains a summary list of builds, together with their current support lifecycle, is available. The Excel file also contains detailed fix lists. Download this Excel file now.
Note: Individual entries in the following table can be referenced directly through a bookmark. If you select any bug reference ID in the table, a bookmark tag is added to the URL by using the "#bkmk_NNNNNNN" format. You can then share this URL with others so that they can jump directly to the desired fix in the table.
| Bug reference | Description | Fix area | Component | Platform | | --- | --- | --- | --- | --- | | 5175271 | This fix addresses an XML external entity (XXE) vulnerability in the Web Service Task that allows an attacker to read arbitrary files from the local file system or cause a...
16.0.1000.616.0.4252.316.0.1000.616.0.4252.3