Microsoft Configuration Manager SQL injection RCE (CVE-2024-43468, actively exploited)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2024-43468 in Microsoft Configuration Manager (ConfigMgr/SCCM) is now actively exploited, turning a patched SQL injection flaw into a real risk for management servers and site databases. The bug can let an unauthenticated attacker execute code and run arbitrary commands with the highest privileges on the target environment. Microsoft patched the issue in October 2024, and Synacktiv later published proof-of-concept code, widening abuse potential. CISA has ordered FCEB agencies to remediate by March 5th under BOD 22-01.
Related Happenings
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV remediation order for CVE-2026-48907
Public Sector ActionAbout this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector Action
H score27
First: 10.06.2026 15:00
Last: 10.06.2026 15:00
Sources 1
About this happening:
**CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA BOD 26-04 prioritizes vulnerability remediation for federal civilian agencies
Public Sector ActionAbout this happening: **CISA** issued **Binding Operational Directive 26-04** to require **federal civilian agencies** to prioritize vulnerability remediation using **Asset Exposure**, **KEV Status**,...
CISA orders federal patching of Oracle WebLogic CVE-2024-21182
Public Sector Action
H score53
First: 02.06.2026 15:40
Last: 02.06.2026 15:40
Sources 1
About this happening:
CISA ordered **federal agencies** to patch **Oracle WebLogic Server** against **CVE-2024-21182** by **June 4**, creating an immediate remediation deadline for affected government...
CISA orders federal patching of Oracle WebLogic CVE-2024-21182
Public Sector ActionAbout this happening: CISA ordered **federal agencies** to patch **Oracle WebLogic Server** against **CVE-2024-21182** by **June 4**, creating an immediate remediation deadline for affected government...
CISA orders FCEB patching for CVE-2026-9082
Public Sector Action
H score70
First: 26.05.2026 11:46
Last: 26.05.2026 11:46
Sources 1
About this happening:
**CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
CISA orders FCEB patching for CVE-2026-9082
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-9082** to the **KEV Catalog** and ordered **FCEB agencies** to patch **Drupal** by **May 27**, turning an actively exploited flaw into a mandatory federa...
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector Action
H score64
First: 07.05.2026 13:57
Last: 07.05.2026 13:57
Sources 1
About this happening:
**CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
CISA KEV listing and FCEB firewall directive for CVE-2026-0300
Public Sector ActionAbout this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...
Timeline
-
13.02.2026 14:35 1 articles · 4mo ago
Synacktiv publishes proof-of-concept for CVE-2024-43468
Technical Analysis UpdateSynacktiv shared proof-of-concept exploitation code for CVE-2024-43468, demonstrating how the Microsoft Configuration Manager SQL injection flaw could be used for code execution and arbitrary command execution with the highest privileges on the server or site database.
Show sources
- CISA flags critical Microsoft SCCM flaw as exploited in attacks — www.bleepingcomputer.com — 13.02.2026 14:35
-
13.02.2026 14:35 2 articles · 4mo ago
CISA orders FCEB patching for actively exploited CVE-2024-43468
Legal Policy Action UpdateCISA flagged CVE-2024-43468 as actively exploited in the wild, ordered Federal Civilian Executive Branch agencies to patch by March 5 under Binding Operational Directive 22-01, and urged other defenders to apply vendor mitigations or discontinue use if mitigations are unavailable.
Show sources
- CISA flags critical Microsoft SCCM flaw as exploited in attacks — www.bleepingcomputer.com — 13.02.2026 14:35
- CISA flags critical Microsoft SCCM flaw as exploited in attacks — www.bleepingcomputer.com — 13.02.2026 14:35