HIGH✓ PATCH🇬🇧 English

CVE-2026-26115

CVSS 8.8v3.1pub. 2026-03-10upd. 2026-03-13

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Sql Server 2016

    APP
    Microsoft
    13.0.6300.2 – 13.0.6480.4 (bez)13.0.7000.253 – 13.0.7075.5 (bez)
  • Microsoft Sql Server 2017

    APP
    Microsoft
    14.0.1000.169 – 14.0.2100.4 (bez)14.0.3006.16 – 14.0.3520.4 (bez)
  • Microsoft Sql Server 2019

    APP
    Microsoft
    15.0.2000.5 – 15.0.2160.4 (bez)15.0.4003.23 – 15.0.4460.4 (bez)
  • Microsoft Sql Server 2022

    APP
    Microsoft
    16.0.1000.6 – 16.0.1170.5 (bez)16.0.4003.1 – 16.0.4240.4 (bez)
  • Microsoft Sql Server 2025

    APP
    Microsoft
    17.0.1000.7 – 17.0.1050.2 (bez)17.0.4006.2 – 17.0.4020.2 (bez)
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2026-40370HIGH8.8ten sam produkt

External control of file name or path in SQL Server allows an authorized attacker to execute code over a netwo...

CVE-2026-33120HIGH8.8ten sam produkt

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-21262HIGH8.8ten sam produkt

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

CVE-2026-26116HIGH8.8ten sam produkt

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an a...

CVE-2026-20803HIGH7.2ten sam produkt

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges...

CVE-2026-26115 — HIGH 8.8 | CVEbaza.pl