Microsoft SQL Server Elevation of Privilege Vulnerability

Vulnerability

A vulnerability in Microsoft SQL Server has been identified, allowing an authorized attacker to elevate privileges over a network. This issue arises from improper validation of certain types of input, which could be exploited to gain SQL sysadmin privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain sysadmin rights on the SQL Server.

Remediation

Users can apply the security update for their specific version of SQL Server. Detailed instructions for downloading and installing these security updates are available on the Microsoft Update Catalog. SQL Server instances on Windows Azure (IaaS) can also receive these security updates through Microsoft Update or by downloading them from the Microsoft Download Center.

Added: Mar 10, 2026, 7:11 PM
Updated: Mar 10, 2026, 7:11 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.