Microsoft · Sql Server 2016 Sp3 · CVE-2026-21262
**Name of the Vulnerable Software and Affected Versions**
SQL Server versions 2016 SP3 through 2025
**Description**
An improper access control issue in SQL Server allows an authorized attacker to elevate privileges over a network. An attacker can gain `sysadmin` privileges remotely on affected SQL Server instances.
**Recommendations**
Apply the patch released in Microsoft’s March 2026 Patch Tuesday to all SQL Server versions from 2016 SP3 through 2025.