Microsoft SQL Server Privilege Escalation Vulnerability via SQL Injection

Vulnerability

A SQL injection vulnerability has been identified in Microsoft SQL Server, allowing an authorized attacker to elevate privileges over a network. This issue arises from improper neutralization of special elements used in SQL commands, enabling attackers with explicit permissions to gain SQL sysadmin privileges.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation to SQL sysadmin rights.

Remediation

Users should install the latest security update for their version of SQL Server. Specific update instructions can be found in the Microsoft Knowledge Base articles linked in the vulnerability details.

Added: Mar 10, 2026, 7:10 PM
Updated: Mar 10, 2026, 7:10 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.