| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2026-21262 | SQL Server Elevation of Privilege Vulnerability | Microsoft SQL Server | Important | 07-04-2026 |

Technical Information
An authenticated attacker with low-privileged SQL Server credentials could exploit improper access control in SQL Server via network access to bypass authorization checks and escalate privileges to the sysadmin role.
Patch release date: Mar 10, 2026
Further information on this vulnerability is available at: CVE-2026-21262
Affected Software
Microsoft SQL Server 2017 for x64-based Systems (GDR),
Microsoft SQL Server 2019 for x64-based Systems (GDR),
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR),
Microsoft SQL Server 2017 for x64-based Systems (CU 31),
Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack,
Microsoft SQL Server 2022 for x64-based Systems (GDR),
Microsoft SQL Server 2025 for x64-based Systems (GDR),
Microsoft SQL Server 2019 for x64-based Systems (CU 32),
Microsoft SQL Server 2022 for x64-based Systems (CU 23),
Microsoft SQL Server 2025 for x64-based Systems (CU2)