Mar 2026: SQL Server Elevation of Privilege Vulnerability
CVE-2026-26116 Published on March 10, 2026

SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.

Vendor Advisory NVD

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2026-26116 has been classified to as a SQL Injection vulnerability or weakness.

Products Associated with CVE-2026-26116

Want to know whenever a new CVE is published for Microsoft Sql Server 2025? stack.watch will email you.

Microsoft Sql Server 2025

Affected Versions

Microsoft SQL Server 2025 (CU 2):

Version 17.0.0.0 and below 17.0.4020.2 is affected.

Microsoft SQL Server 2025 for x64-based Systems (GDR):

Version 17.0.1050.2 and below 17.0.1105.2 is affected.

Mar 2026: SQL Server Elevation of Privilege VulnerabilityCVE-2026-26116 Published on March 10, 2026

Weakness Type

What is a SQL Injection Vulnerability?

Products Associated with CVE-2026-26116

Affected Versions

Mar 2026: SQL Server Elevation of Privilege Vulnerability
CVE-2026-26116 Published on March 10, 2026