Microsoft%20SQL%20Server%202025%20(CU%203)

Microsoft SQL Server 2025 (CU 3)

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-32176

Assigner-Microsoft Corporation

View Details

Assigner-Microsoft Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.07% / 21.97%

7 Day CHG~0.00%

Published-14 Apr, 2026 | 16:58

Updated-17 Apr, 2026 | 16:13

SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

Vendor-Microsoft Corporation

Product-Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack Microsoft SQL Server 2022 for x64-based Systems (CU 24)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2025 for x64-based Systems (GDR)Microsoft SQL Server 2025 (CU 3)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (CU 32)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2022 (GDR)

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2026-32167

Assigner-Microsoft Corporation

View Details

Assigner-Microsoft Corporation

CVSS Score-6.7||MEDIUM

EPSS-0.05% / 16.61%

7 Day CHG~0.00%

Published-14 Apr, 2026 | 16:57

Updated-17 Apr, 2026 | 16:12

SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

Vendor-Microsoft Corporation

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')