EIP-2026-118867

PRE-CVE

Microsoft SQL Server - Database Link Crawling Command Execution (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118867. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits Microsoft SQL Server database links to execute commands on linked servers with sysadmin privileges. It crawls through database links, checks for sysadmin access, and deploys payloads via PowerShell memory injection.

Description

Microsoft SQL Server - Database Link Crawling Command Execution (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/23649

View Code ZIP pw:eip

This Metasploit module exploits Microsoft SQL Server database links to execute commands on linked servers with sysadmin privileges. It crawls through database links, checks for sysadmin access, and deploys payloads via PowerShell memory injection.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft SQL Server

Auth required

Prerequisites: Valid SQL Server credentials · Linked servers with sysadmin privileges · PowerShell installed on target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026