Is Sql Server 2019 affected by CVE-2026-26115?

A critical SQL Server vulnerability (CVE-2026-26115) allows authorized users to escalate privileges and gain unauthorized system access across the network.

CVE-2026-26115

HIGH

2026-03-10 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Mar 10, 2026 - 18:18 nvd

HIGH 8.8

Description

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

Analysis

Privilege escalation in SQL Server 2016-2025 stems from insufficient input validation, enabling authenticated network attackers to gain elevated permissions. The high CVSS score of 8.8 reflects complete compromise of confidentiality, integrity, and availability, though no patch is currently available. …

Remediation

Within 24 hours: Inventory all SQL Server installations and document which versions are affected; restrict database access to only essential users and implement strict role-based access controls. Within 7 days: Deploy network segmentation to isolate SQL Server instances; enable enhanced logging and monitoring for privilege escalation attempts; conduct a security audit of current user permissions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: 0

CVE-2026-26115 vulnerability details – vuln.today

Back

CVE-2026-26115

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-26115

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code