CVE-2024-43468
CISA KEV · Published February 12, 2026 · Updated April 3, 2026
What This Means
**CVE-2024-43468: Microsoft Configuration Manager SQL Injection**

An unauthenticated attacker can exploit an SQL injection flaw in Microsoft Configuration Manager by sending malicious requests that bypass input validation, allowing arbitrary SQL command execution against the backend database and potential remote code execution on the server. The vulnerability requires no authentication and can be triggered remotely, giving attackers direct access to the database and to system commands.

**Action items:**
- Immediately inventory all Configuration Manager deployments and apply the security update from Microsoft.
- Restrict network access to Configuration Manager endpoints using firewall rules and WAF policies.
- Review database and application logs for indicators of exploitation, including unusual SQL queries and failed authentication attempts from unexpected sources.
- If you cannot patch immediately, consider taking affected systems offline or isolating them from production networks.
Official Description
Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment, which are processed in an unsafe manner, enabling the attacker to execute commands on the server and/or the underlying database.
Affected Products
| Vendor | Product |
|---|---|
| Microsoft | Configuration Manager |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2024-43468.