Jan 2026: Microsoft SQL Server Elevation of Privilege Vulnerability
CVE-2026-20803 Published on January 13, 2026
Microsoft SQL Server Elevation of Privilege Vulnerability
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2026-20803
stack.watch emails you whenever new vulnerabilities are published in Microsoft Sql Server 2022 or Microsoft Sql Server 2025. Just hit a watch button to start following.
Affected Versions
Microsoft SQL Server 2022 (GDR):- Version 16.0.0 and below 16.0.1165.1 is affected.
- Version 16.0.0.0 and below 16.0.4230.2 is affected.
- Version 17.0.1050.2 and below 17.0.1050.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.