vulnerability
Microsoft CVE-2026-21262: SQL Server Elevation of Privilege Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Mar 10, 2026 | Mar 10, 2026 | Apr 29, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Mar 10, 2026
Added
Mar 10, 2026
Modified
Apr 29, 2026
Description
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Solutions
microsoft-sql_server_2016-upgrade-latest-sp3microsoft-sql_server_2017-upgrade-latest-cu31microsoft-sql_server_2017-upgrade-latest-gdrmicrosoft-sql_server_2019-upgrade-latest-cu32microsoft-sql_server_2019-upgrade-latest-gdrmicrosoft-sql_server_2022-upgrade-latest-cu23microsoft-sql_server_2022-upgrade-latest-gdrmicrosoft-sql_server_2025-upgrade-latest-cu2microsoft-sql_server_2025-upgrade-latest-gdr
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.