Microsoft · Sql Server · CVE-2026-32167
**Name of the Vulnerable Software and Affected Versions**
SQL Server (affected versions not specified)
**Description**
Improper neutralization of special elements used in an sql command (SQL injection) allows an authorized attacker to elevate privileges locally. SQL injection is a technique where an attacker inserts malicious SQL code into a query to manipulate the database.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.