Skip to main content

Sql Server 2019 CVE-2026-21262

HIGH
Improper Access Control (CWE-284)
2026-03-10 secure@microsoft.com
8.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
PoC Detected
Mar 13, 2026 - 19:33 vuln.today
Public exploit code
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Mar 10, 2026 - 18:18 nvd
HIGH 8.8

DescriptionCVE.org

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

AnalysisAI

SQL Server 2016-2025 contains an improper access control flaw that allows authenticated network attackers to escalate privileges without user interaction. Public exploit code exists for this vulnerability, which carries a CVSS score of 8.8 and affects confidentiality, integrity, and availability. No patch is currently available.

Technical ContextAI

Classified as CWE-284 (Improper Access Control). Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2024-37980 CRITICAL
9.8 Sep 10

Microsoft SQL Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2024-37341 CRITICAL
9.8 Sep 10

Microsoft SQL Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is rem

CVE-2025-49759 HIGH
8.8 Aug 12

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized

CVE-2025-49758 HIGH
8.8 Aug 12

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized

CVE-2025-53727 HIGH
8.8 Aug 12

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized

CVE-2026-26115 HIGH
8.8 Mar 10

Privilege escalation in SQL Server 2016-2025 stems from insufficient input validation, enabling authenticated network at

CVE-2026-26116 HIGH
8.8 Mar 10

Authenticated users can exploit SQL injection vulnerabilities in SQL Server 2016-2025 to escalate privileges and gain un

CVE-2024-49018 HIGH
8.8 Nov 12

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2024-49017 HIGH
8.8 Nov 12

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2024-49016 HIGH
8.8 Nov 12

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2024-49015 HIGH
8.8 Nov 12

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2024-49014 HIGH
8.8 Nov 12

SQL Server Native Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remo

Share

CVE-2026-21262 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy