HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2026-20803

CVSS 7.2v3.1pub. 2026-01-13upd. 2026-01-16

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Sql Server 2022

    APP
    Microsoft
    16.0.1000.6 – 16.0.1165.1 (bez)16.0.4003.1 – 16.0.4230.2 (bez)
  • Microsoft Sql Server 2025

    APP
    Microsoft
    17.0.1000.7
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2026-40370HIGH8.8ten sam produkt

External control of file name or path in SQL Server allows an authorized attacker to execute code over a netwo...

CVE-2026-33120HIGH8.8ten sam produkt

Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.

CVE-2026-26115HIGH8.8ten sam produkt

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileg...

CVE-2026-26116HIGH8.8ten sam produkt

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an a...

CVE-2026-21262HIGH8.8ten sam produkt

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.