CVE-2026-20803
Published 2026-01-13

CVE-2026-20803: Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.
High 7.2 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_sql_server_2022 | >= 16.0.0 < 16.0.1165.1 | 16.0.1165.1 |
| microsoft | microsoft_sql_server_2022_for_x64-based_systems | >= 16.0.0.0 < 16.0.4230.2 | 16.0.4230.2 |
| microsoft | microsoft_sql_server_2025_for_x64-based_systems | >= 17.0.1050.2 < 17.0.1050.2 | 17.0.1050.2 |
| microsoft | sql_server_2022 | >= 16.0.1000.6 < 16.0.1165.1 | 16.0.1165.1 |
| microsoft | sql_server_2022 | >= 16.0.4003.1 < 16.0.4230.2 | 16.0.4230.2 |
| microsoft | sql_server_2025 | — | — |
| msrc | microsoft_sql_server_2022_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2025_for_x64-based_systems | — | — |