microsoft

sql_server_2025

4 known vulnerabilities · sorted by CVSS score

CVE-2026-26115

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

microsoft / sql_server_2016+9

Network

Published Mar 10, 2026

CVE-2026-26116

HIGH8.8

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

microsoft / sql_server_2016+9

Network

Published Mar 10, 2026

CVE-2026-21262

HIGH8.8

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

microsoft / sql_server_2016+9

Network

Published Mar 10, 2026

CVE-2026-20803

HIGH7.2

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

microsoft / sql_server_2022+2

Network

Published Jan 13, 2026