PT-2026-24260 · Microsoft · Sql Server 2016 Sp3+1

Erland Sommarskog · Published 2026-03-10 · Updated 2026-03-11 · CVE-2026-21262

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SQL Server versions 2016 SP3 through 2025

Description

An improper access control issue in SQL Server allows an authorized attacker to elevate privileges over a network. An attacker can gain sysadmin privileges remotely on affected SQL Server instances.

Recommendations

Apply the patch released in Microsoft’s March 2026 Patch Tuesday to all SQL Server versions from 2016 SP3 through 2025.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2026-21262

Affected Products

Sql Server 2016 Sp3
Sql Server 2025