SQL Server 2016 CVE-2026-26115

HIGH · 8.8 (CVSS 3.1 · NVD)
Improper Validation of Specified Type of Input (CWE-1287)
2026-03-10 · secure@microsoft.com

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:55 (vuln.today)
CVE Published: Mar 10, 2026 - 18:18 (nvd), HIGH 8.8

Description (CVE.org)

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

Analysis (AI)

Privilege escalation in SQL Server 2016-2025 stems from insufficient input validation, enabling authenticated network attackers to gain elevated permissions. The high CVSS score of 8.8 reflects complete compromise of confidentiality, integrity, and availability, though no patch is currently available. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Authenticate as low-privilege SQL Server user
Exploit: Submit crafted input bypassing type validation
Execution: Trigger privilege escalation logic
Impact: Gain high-privilege database access

Vulnerability Assessment (AI)

Exploitation: Attacker must possess valid SQL Server user credentials with initial database access. …
Risk Assessment: CVSS 8.8 (HIGH). …
Exploit Scenario: A remote attacker could exploit this vulnerability to compromise the affected system.
Remediation: Monitor vendor advisories for a patch. …

Recommended Action (AI)

Within 24 hours: Inventory all SQL Server installations and document which versions are affected; restrict database access to only essential users and implement strict role-based access controls. …


CVE-2026-21262 HIGH POC
8.8 Mar 10

SQL Server 2016-2025 contains an improper access control flaw that allows authenticated network attackers to escalate pr

CVE-2025-49759 HIGH
8.8 Aug 12

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized

CVE-2025-49758 HIGH
8.8 Aug 12

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized

CVE-2025-53727 HIGH
8.8 Aug 12

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized

CVE-2026-26116 HIGH
8.8 Mar 10

Authenticated users can exploit SQL injection vulnerabilities in SQL Server 2016-2025 to escalate privileges and gain un

CVE-2025-49719 HIGH
7.5 Jul 08

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

CVE-2025-59499 HIGH
8.8 Nov 11

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized

CVE-2025-55227 HIGH
8.8 Sep 09

Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized a

CVE-2025-47997 MEDIUM
6.5 Sep 09

Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an auth

CVE-2025-24999 HIGH
8.8 Aug 12

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high sev
