CISA Flags Actively Exploited Microsoft SCCM SQL Injection Vulnerability CVE-2024-43468

CISA added CVE-2024-43468, a critical SQL injection flaw in Microsoft Configuration Manager (SCCM), to its Known Exploited Vulnerabilities catalog on February 12, 2026. Federal agencies must patch by March 5, 2026, under Binding Operational Directive 22-01. Unauthenticated attackers use crafted HTTP requests to run arbitrary SQL on servers and databases. Vulnerability Breakdown Attackers target the […] The post CISA Flags Actively Exploited Microsoft SCCM SQL Injection Vulnerability CVE-2024-43468 appeared first on VPN Central.