What the vulnerability does
01Description
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-21262
HIGH
CVE-2026-21262: SQL Server Elevation of Privilege Vulnerability
CVSS base score
8.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Key dates
02Disclosure timeline
March 10, 2026
CVE published
April 14, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-47858 Details of archived public channels are leaked to members of another team
CVE-2023-35173 End-to-End encrypted file-drops can be made inaccessible
CVE-2024-43590 Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
CVE-2023-38167 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVE-2020-5279 Improper Access Control for certain legacy controller in PrestaShop
