CVE-2026-26115

CWE-1287 | 5 documents | 5 sources
Severity
8.8 HIGH
EPSS
0.1%
top 69.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 10

Description

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (11 packages)

CVEListV5 | microsoft/microsoft_sql_server_2017_(gdr) | 14.0.0 | 14.0.2100.4
CVEListV5 | microsoft/microsoft_sql_server_2019_(gdr) | 15.0.0 | 15.0.2160.4
CVEListV5 | microsoft/microsoft_sql_server_2022_(gdr) | 16.0.0 | 16.0.1170.5
CVEListV5 | microsoft/microsoft_sql_server_2025_(cu_2) | 17.0.0.0 | 17.0.4020.2
CVEListV5 | microsoft/microsoft_sql_server_2017_(cu_31) | 14.0.0 | 14.0.3520.4

🔴 Vulnerability Details

2
GHSA
GHSA-xjf9-64j8-5qjg: Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network (2026-03-10)
CVEList
SQL Server Elevation of Privilege Vulnerability (2026-03-10)

📋 Vendor Advisories

1
Microsoft
SQL Server Elevation of Privilege Vulnerability (2026-03-10)

🕵️ Threat Intelligence

1
Wiz
CVE-2026-26115 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-26115 (HIGH CVSS 8.8) | Improper validation of specified ty | cvebase.io