Microsoft has patched CVE-2026-50468, an information-disclosure vulnerability in SQL Server 2025 that can let an authenticated attacker read sensitive information remotely. The fix shipped on July 14, 2026, in KB5101346 for the CU servicing branch and KB5102333 for the GDR branch.
Detailed in...