HIGHCVE-2026-26115Published Modified CNA microsoft
CVE-2026-26115: SQL Server Elevation of Privilege Vulnerability
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
Metrics
- CVSS v3.1
- 8.8
- Severity
- HIGH
- Fixed in
- 13.0.6480.4
- Affected Products
- 10
Fix available
13.0.6480.413.0.7075.514.0.2100.414.0.3520.415.0.2160.415.0.4460.416.0.1170.516.0.4240.417.0.1105.217.0.4020.2
Patch commits
Affected packages
- Microsoft / Microsoft SQL Server 2016 Service Pack 3 (GDR)< 13.0.6480.4 (from 13.0.0)
- Microsoft / Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack< 13.0.7075.5 (from 13.0.0)
- Microsoft / Microsoft SQL Server 2017 (CU 31)< 14.0.3520.4 (from 14.0.0)
- Microsoft / Microsoft SQL Server 2017 (GDR)< 14.0.2100.4 (from 14.0.0)
- Microsoft / Microsoft SQL Server 2019 (CU 32)< 15.0.4460.4 (from 15.0.0.0)
- Microsoft / Microsoft SQL Server 2019 (GDR)< 15.0.2160.4 (from 15.0.0)
- Microsoft / Microsoft SQL Server 2022 (GDR)< 16.0.1170.5 (from 16.0.0)
- Microsoft / Microsoft SQL Server 2022 for x64-based Systems (CU 23)< 16.0.4240.4 (from 16.0.0.0)
- Microsoft / Microsoft SQL Server 2025 (CU 2)< 17.0.4020.2 (from 17.0.0.0)
- Microsoft / Microsoft SQL Server 2025 for x64-based Systems (GDR)< 17.0.1105.2 (from 17.0.1050.2)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C