What the vulnerability does
01Description
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32167
MEDIUM
CVE-2026-32167: SQL Server Elevation of Privilege Vulnerability
CVSS base score
6.7/10
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Key dates
02Disclosure timeline
April 14, 2026
CVE published
June 1, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-3795 Bug Finder ChainCity Real Estate Investment Platform GET Parameter property sql injection
CVE-2025-13192 Popup builder with Gamification <= 2.2.0 - Unauthenticated SQL Injection via Multiple REST API Endpoints
CVE-2023-43640 TaxonWorks SQL injection vulnerability
CVE-2023-3457 SourceCodester Shopping Website index.php sql injection
CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection
