Sql Server 2016
CVE-2026-26115
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
AnalysisAI
Privilege escalation in SQL Server 2016-2025 stems from insufficient input validation, enabling authenticated network attackers to gain elevated permissions. The high CVSS score of 8.8 reflects complete compromise of confidentiality, integrity, and availability, though no patch is currently available. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must possess valid SQL Server user credentials with initial database access. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker could exploit this vulnerability to compromise the affected system. |
| Remediation | Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all SQL Server installations and document which versions are affected; restrict database access to only essential users and implement strict role-based access controls. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Sql Server 2016
View allSQL Server 2016-2025 contains an improper access control flaw that allows authenticated network attackers to escalate pr
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized
Authenticated users can exploit SQL injection vulnerabilities in SQL Server 2016-2025 to escalate privileges and gain un
Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized
Improper neutralization of special elements used in a command ('command injection') in SQL Server allows an authorized a
Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an auth
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high sev
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today