CVE-2026-26115

Description

Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.

Base Score

8.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.104

Vulnerability	OS Platform
SQL Server Elevation of Privilege Vulnerability for SQL Server 2016 SP3 (KB5077474)	Windows
SQL Server Elevation of Privilege Vulnerability for SQL Server 2016 SP3 Azure Connect Feature Pack (KB5077473)	Windows
SQL Server Elevation of Privilege Vulnerability for SQL Server 2017 RTM CU (KB5077471)	Windows
SQL Server Elevation of Privilege Vulnerability for SQL Server 2017 RTM (KB5077472)	Windows
SQL Server Elevation of Privilege Vulnerability for SQL Server 2019 RTM CU (KB5077469)	Windows
SQL Server Elevation of Privilege Vulnerability for SQL Server 2019 RTM (KB5077470)	Windows
SQL Server Elevation of Privilege Vulnerability for SQL Server 2022 RTM CU (KB5077464)	Windows
SQL Server Elevation of Privilege Vulnerability for SQL Server 2022 RTM (KB5077465)	Windows
SQL Server Elevation of Privilege Vulnerability for SQL Server 2025 RTM CU (KB5077466)	Windows
SQL Server Elevation of Privilege Vulnerability for SQL Server 2025 RTM (KB5077468)	Windows

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-43692	Security Update for SQL Server 2016 SP3 (KB5077474)
PATCH-43691	Security Update for SQL Server 2016 SP3 Azure Connect Feature Pack (KB5077473)
PATCH-43694	Security Update for SQL Server 2017 RTM CU (KB5077471)
PATCH-43693	Security Update for SQL Server 2017 RTM (KB5077472)
PATCH-43696	Security Update for SQL Server 2019 RTM CU (KB5077469)
PATCH-43695	Security Update for SQL Server 2019 RTM (KB5077470)
PATCH-43698	Security Update for SQL Server 2022 RTM CU (KB5077464)
PATCH-43697	Security Update for SQL Server 2022 RTM (KB5077465)
PATCH-43700	Security Update for SQL Server 2025 RTM CU (KB5077466)
PATCH-43699	Security Update for SQL Server 2025 RTM (KB5077468)