Microsoft Sql Server 2016 vulnerabilities

90 known vulnerabilities affecting microsoft/sql_server_2016.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL2HIGH85MEDIUM3

Vulnerabilities

Page 1 of 5

CVE-2026-26115HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6480.4≥ 13.0.7000.253, < 13.0.7075.52026-03-10

CVE-2026-26115 [HIGH] CWE-1287 CVE-2026-26115: Improper validation of specified type of input in SQL Server allows an authorized attacker to elevat Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2026-26116HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6480.4≥ 13.0.7000.253, < 13.0.7075.52026-03-10

CVE-2026-26116 [HIGH] CWE-89 CVE-2026-26116: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2026-21262HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6480.4≥ 13.0.7000.253, < 13.0.7075.52026-03-10

CVE-2026-21262 [HIGH] CWE-284 CVE-2026-21262: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a net Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2025-59499HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6475.1≥ 13.0.7000.253, < 13.0.7070.12025-11-11

CVE-2025-59499 [HIGH] CWE-89 CVE-2025-59499: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2025-55227HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6470.1≥ 13.0.7000.253, < 13.0.7065.12025-09-09

CVE-2025-55227 [HIGH] CWE-77 CVE-2025-55227: Improper neutralization of special elements used in a command ('command injection') in SQL Server al Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2025-47997MEDIUMCVSS 5.3≥ 13.0.6300.2, < 13.0.6470.1≥ 13.0.7000.253, < 13.0.7065.12025-09-09

CVE-2025-47997 [MEDIUM] CWE-200 CVE-2025-47997: Concurrent execution using shared resource with improper synchronization ('race condition') in SQL S Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.

nvd

CVE-2025-24999HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6465.1≥ 13.0.7000.253, < 13.0.7060.12025-08-12

CVE-2025-24999 [HIGH] CWE-284 CVE-2025-24999: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a net Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2025-49758HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6465.1≥ 13.0.7000.253, < 13.0.7060.12025-08-12

CVE-2025-49758 [HIGH] CWE-269 CVE-2025-49758: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2025-53727HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6465.1≥ 13.0.7000.253, < 13.0.7060.12025-08-12

CVE-2025-53727 [HIGH] CWE-89 CVE-2025-53727: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2025-49759HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6465.1≥ 13.0.7000.253, < 13.0.7060.12025-08-12

CVE-2025-49759 [HIGH] CWE-89 CVE-2025-49759: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

nvd

CVE-2025-49719HIGHCVSS 7.5≥ 13.0.6300.2, < 13.0.6460.7≥ 13.0.7000.253, < 13.0.7055.92025-07-08

CVE-2025-49719 [HIGH] CWE-20 CVE-2025-49719: Improper input validation in SQL Server allows an unauthorized attacker to disclose information over Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

nvd

CVE-2024-49021HIGHCVSS 7.8≥ 13.0.6300.2, < 13.0.6455.2≥ 13.0.7000.253, < 13.0.7050.22024-11-12

CVE-2024-49021 [HIGH] CWE-416 CVE-2024-49021: Microsoft SQL Server Remote Code Execution Vulnerability Microsoft SQL Server Remote Code Execution Vulnerability

nvd

CVE-2024-49015HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6455.2≥ 13.0.7000.253, < 13.0.7050.22024-11-12

CVE-2024-49015 [HIGH] CWE-122 CVE-2024-49015: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

nvd

CVE-2024-48995HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6455.2≥ 13.0.7000.253, < 13.0.7050.22024-11-12

CVE-2024-48995 [HIGH] CWE-122 CVE-2024-48995: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

nvd

CVE-2024-38255HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6455.2≥ 13.0.7000.253, < 13.0.7050.22024-11-12

CVE-2024-38255 [HIGH] CWE-122 CVE-2024-38255: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

nvd

CVE-2024-48996HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6455.2≥ 13.0.7000.253, < 13.0.7050.22024-11-12

CVE-2024-48996 [HIGH] CWE-122 CVE-2024-48996: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

nvd

CVE-2024-49003HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6455.2≥ 13.0.7000.253, < 13.0.7050.22024-11-12

CVE-2024-49003 [HIGH] CWE-416 CVE-2024-49003: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

nvd

CVE-2024-49007HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6455.2≥ 13.0.7000.253, < 13.0.7050.22024-11-12

CVE-2024-49007 [HIGH] CWE-122 CVE-2024-49007: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

nvd

CVE-2024-49008HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6455.2≥ 13.0.7000.253, < 13.0.7050.22024-11-12

CVE-2024-49008 [HIGH] CWE-122 CVE-2024-49008: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

nvd

CVE-2024-49004HIGHCVSS 8.8≥ 13.0.6300.2, < 13.0.6455.2≥ 13.0.7000.253, < 13.0.7050.22024-11-12

CVE-2024-49004 [HIGH] CWE-122 CVE-2024-49004: SQL Server Native Client Remote Code Execution Vulnerability SQL Server Native Client Remote Code Execution Vulnerability

nvd

1 / 5Next →