Mar 2026: SQL Server Elevation of Privilege Vulnerability
CVE-2026-26115 Published on March 10, 2026
SQL Server Elevation of Privilege Vulnerability
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
Weakness Type
Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Products Associated with CVE-2026-26115
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft SQL Server 2016 Service Pack 3 (GDR):- Version 13.0.0 and below 13.0.6480.4 is affected.
- Version 13.0.0 and below 13.0.7075.5 is affected.
- Version 14.0.0 and below 14.0.3520.4 is affected.
- Version 14.0.0 and below 14.0.2100.4 is affected.
- Version 15.0.0.0 and below 15.0.4460.4 is affected.
- Version 15.0.0 and below 16.0.1170.5 is affected.
- Version 16.0.0 and below 16.0.1170.5 is affected.
- Version 16.0.0.0 and below 16.0.4240.4 is affected.
- Version 17.0.0.0 and below 17.0.4020.2 is affected.
- Version 17.0.1050.2 and below 17.0.1105.2 is affected.