Microsoft SQL Server Elevation of Privilege Vulnerability Allowing Privilege Escalation via SQL Injection

Vulnerability

A vulnerability in Microsoft SQL Server has been identified, allowing authorized attackers to elevate privileges locally through improper neutralization of special elements in SQL commands, leading to SQL injection. This vulnerability affects several versions of SQL Server, including 2016, 2017, 2019, 2022, and 2025.

Impact

Exploitation of this vulnerability could allow an attacker to gain SQL sysadmin privileges.

Remediation

Apply the security update for the installed version of SQL Server. The updates can be downloaded from the Microsoft Update Catalog or applied through the SQL Server Update Management feature in Azure. Instructions for determining which update applies to a given build are available in the Microsoft Security Update Guide.
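To match an instance against the Security Update Guide you need its exact build, and since the stated impact is sysadmin gain, a baseline of the sysadmin role is worth keeping; the T-SQL below is an added example, not part of the advisory, and assumes the caller can read server-level metadata (the fixed-build numbers themselves are not embedded and must be taken from the Security Update Guide).

```sql
-- Added example (not from the advisory): report the build so it can be
-- compared with the Security Update Guide for this vulnerability.
-- Assumes the login can read SERVERPROPERTY values and server principals.
SELECT
    SERVERPROPERTY('ProductVersion')         AS product_version,       -- full build, e.g. 16.0.nnnn.n
    CASE CAST(SERVERPROPERTY('ProductMajorVersion') AS int)
        WHEN 13 THEN 'SQL Server 2016'
        WHEN 14 THEN 'SQL Server 2017'
        WHEN 15 THEN 'SQL Server 2019'
        WHEN 16 THEN 'SQL Server 2022'
        WHEN 17 THEN 'SQL Server 2025'
        ELSE 'other / not listed in this advisory'
    END                                      AS product_name,
    SERVERPROPERTY('ProductLevel')           AS product_level,         -- RTM or SPn
    SERVERPROPERTY('ProductUpdateLevel')     AS product_update_level,  -- CUn, NULL if no CU applied
    SERVERPROPERTY('ProductUpdateReference') AS latest_update_kb,      -- KB of the last update applied
    SERVERPROPERTY('Edition')                AS edition;

-- Baseline of sysadmin membership: capture it before patching and compare
-- after, so an unexpected new member (the impact described above) stands out.
SELECT
    m.name        AS member_name,
    m.type_desc   AS principal_type,
    m.is_disabled AS is_disabled,
    m.create_date AS create_date,
    m.modify_date AS modify_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.modify_date DESC;
```

Run the first query on every instance in scope and compare product_version with the fixed build listed in the Security Update Guide; a build below it still needs the update.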

Added: Apr 14, 2026, 8:25 PM
Updated: Apr 14, 2026, 8:25 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 5.0
exploitability: 3.5
remediation: 7.7
relevance: 5.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.