Mar 2026: SQL Server Elevation of Privilege Vulnerability
CVE-2026-21262 Published on March 10, 2026
SQL Server Elevation of Privilege Vulnerability
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2026-21262 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2026-21262
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft SQL Server 2016 Service Pack 3 (GDR):- Version 13.0.0 and below 13.0.6480.4 is affected.
- Version 13.0.0 and below 13.0.7075.5 is affected.
- Version 14.0.0 and below 14.0.3520.4 is affected.
- Version 14.0.0 and below 14.0.2100.4 is affected.
- Version 15.0.0.0 and below 15.0.4460.4 is affected.
- Version 15.0.0 and below 16.0.1170.5 is affected.
- Version 16.0.0 and below 16.0.1170.5 is affected.
- Version 16.0.0.0 and below 16.0.4240.4 is affected.
- Version 17.0.0.0 and below 17.0.4020.2 is affected.
- Version 17.0.1050.2 and below 17.0.1105.2 is affected.