ByteOS

CVSS Score-8.8||HIGH

EPSS-0.10% / 26.84%

||

7 Day CHG~0.00%

Published-10 Mar, 2026 | 17:05

Updated-14 Apr, 2026 | 16:36

SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Product-sql_server_2017 sql_server_2025 sql_server_2016 sql_server_2022 sql_server_2019 Microsoft SQL Server 2025 (CU 2)Microsoft SQL Server 2025 for x64-based Systems (GDR)

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2026-26115

CVSS Score-8.8||HIGH

EPSS-0.12% / 30.95%

||

7 Day CHG~0.00%

Published-10 Mar, 2026 | 17:05

Updated-14 Apr, 2026 | 16:36

SQL Server Elevation of Privilege Vulnerability

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

CWE ID-CWE-1287

Improper Validation of Specified Type of Input

CVE-2026-21262

CVSS Score-8.8||HIGH

EPSS-0.15% / 35.76%

||

7 Day CHG~0.00%

Published-10 Mar, 2026 | 17:04

Updated-14 Apr, 2026 | 16:35

SQL Server Elevation of Privilege Vulnerability

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CWE ID-CWE-284

Improper Access Control

CVE-2026-20803

CVSS Score-7.2||HIGH

EPSS-0.06% / 18.68%

||

7 Day CHG~0.00%

Published-13 Jan, 2026 | 17:56

Updated-01 Apr, 2026 | 13:48

Microsoft SQL Server Elevation of Privilege Vulnerability

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.