CVE-2026-21262
published 2026-03-10CVE-2026-21262: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_sql_server_2016_service_pack_3 | >= 13.0.0 < 13.0.6480.4 | 13.0.6480.4 |
| microsoft | microsoft_sql_server_2016_service_pack_3_azure_connect_feature_pack | >= 13.0.0 < 13.0.7075.5 | 13.0.7075.5 |
| microsoft | microsoft_sql_server_2017 | >= 14.0.0 < 14.0.3520.4 | 14.0.3520.4 |
| microsoft | microsoft_sql_server_2017 | >= 14.0.0 < 14.0.2100.4 | 14.0.2100.4 |
| microsoft | microsoft_sql_server_2019 | >= 15.0.0 < 15.0.2160.4 | 15.0.2160.4 |
| microsoft | microsoft_sql_server_2019 | >= 15.0.0.0 < 15.0.4460.4 | 15.0.4460.4 |
| microsoft | microsoft_sql_server_2022 | >= 16.0.0 < 16.0.1170.5 | 16.0.1170.5 |
| microsoft | microsoft_sql_server_2022_for_x64-based_systems | >= 16.0.0.0 < 16.0.4240.4 | 16.0.4240.4 |
| microsoft | microsoft_sql_server_2025 | >= 17.0.0.0 < 17.0.4020.2 | 17.0.4020.2 |
| microsoft | microsoft_sql_server_2025_for_x64-based_systems | >= 17.0.1050.2 < 17.0.1105.2 | 17.0.1105.2 |
| microsoft | sql_server_2016 | >= 13.0.6300.2 < 13.0.6480.4 | 13.0.6480.4 |
| microsoft | sql_server_2016 | >= 13.0.7000.253 < 13.0.7075.5 | 13.0.7075.5 |
| microsoft | sql_server_2017 | >= 14.0.1000.169 < 14.0.2100.4 | 14.0.2100.4 |
| microsoft | sql_server_2017 | >= 14.0.3006.16 < 14.0.3520.4 | 14.0.3520.4 |
| microsoft | sql_server_2019 | >= 15.0.2000.5 < 15.0.2160.4 | 15.0.2160.4 |
| microsoft | sql_server_2019 | >= 15.0.4003.23 < 15.4460.4 | 15.4460.4 |
| microsoft | sql_server_2022 | >= 16.0.1000.6 < 16.0.1170.5 | 16.0.1170.5 |
| microsoft | sql_server_2022 | >= 16.0.4003.1 < 16.0.4240.4 | 16.0.4240.4 |
| microsoft | sql_server_2025 | >= 17.0.1000.7 < 17.0.1105.2 | 17.0.1105.2 |
| microsoft | sql_server_2025 | >= 17.0.4006.2 < 17.0.4020.2 | 17.0.4020.2 |
| msrc | microsoft_sql_server_2016_for_x64-based_systems_service_pack_3 | — | — |
| msrc | microsoft_sql_server_2016_for_x64-based_systems_service_pack_3_azure_connect_fea | — | — |
| msrc | microsoft_sql_server_2017_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2019_for_x64-based_systems | — | — |
| msrc | microsoft_sql_server_2022_for_x64-based_systems | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck8.8HIGH