CVE-2026-40370
High
Published: 12 May 2026
Published
12 May 2026
Modified
12 May 2026
KEV Added
—
Patch
—
CVSS Score
8.8
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
N/A
Risk Priority
18
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2026-40370 is a high-severity External Control of File Name or Path (CWE-73) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, it is not currently listed in the CISA KEV catalog.
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
addresses: CWE-73
Rejects externally supplied file or resource identifiers that fail validity checks.
NVD Description
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Details
- CWE(s)