Microsoft Sql Server 2025 vulnerabilities
4 known vulnerabilities affecting microsoft/sql_server_2025.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4
Vulnerabilities
Page 1 of 1
CVE-2026-26115HIGHCVSS 8.8≥ 17.0.1000.7, < 17.0.1050.2≥ 17.0.4006.2, < 17.0.4020.22026-03-10
CVE-2026-26115 [HIGH] CWE-1287 CVE-2026-26115: Improper validation of specified type of input in SQL Server allows an authorized attacker to elevat
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-26116HIGHCVSS 8.8≥ 17.0.1000.7, < 17.0.1105.2≥ 17.0.4006.2, < 17.0.4020.22026-03-10
CVE-2026-26116 [HIGH] CWE-89 CVE-2026-26116: Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server a
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-21262HIGHCVSS 8.8≥ 17.0.1000.7, < 17.0.1105.2≥ 17.0.4006.2, < 17.0.4020.22026-03-10
CVE-2026-21262 [HIGH] CWE-284 CVE-2026-21262: Improper access control in SQL Server allows an authorized attacker to elevate privileges over a net
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-20803HIGHCVSS 7.2v17.0.1000.72026-01-13
CVE-2026-20803 [HIGH] CWE-306 CVE-2026-20803: Missing authentication for critical function in SQL Server allows an authorized attacker to elevate
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.
nvd