CVE-2026-23665 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-23665 PUBLISHED CVSS 7.800000190734863 HIGH

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

EPSS 0.05% · 15.2th percentile

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS Score

0.05%

15.2th percentile

Affected Products

Vendor	Product	Versions
microsoft	sql_server_2019	15.0.0, 15.0.0.0
Microsoft	Microsoft SQL Server 2022 (GDR)	16.0.0
Microsoft	Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack	13.0.0
Microsoft	Microsoft SQL Server 2025 (CU 2)	17.0.0.0
microsoft	azure_linux_virtual_machines_azure_diagnostics	1.0.0, 1.0.0, 1.0.0
Microsoft	Microsoft SQL Server 2017 (CU 31)	14.0.0
Microsoft	Microsoft SQL Server 2019 (GDR)	15.0.0
Microsoft	Microsoft SQL Server 2019 (CU 32)	15.0.0.0
microsoft	sql_server_2016	13.0.0, 13.0.0
microsoft	sql_server_2022	16.0.0.0, 16.0.0
microsoft	linux_diagnostic_extension	1.0.0, 1.0.0, 1.0.0
Microsoft	Microsoft SQL Server 2016 Service Pack 3 (GDR)	13.0.0
microsoft	sql_server_2025	17.0.0.0, 17.0.1050.2
Microsoft	Microsoft SQL Server 2022 for x64-based Systems (CU 23)	16.0.0.0
Microsoft	Azure Linux Virtual Machines with Azure Diagnostics extension	1.0.0, 1.0.0, 1.0.0
microsoft	sql_server_2017	14.0.0, 14.0.0
Microsoft	Microsoft SQL Server 2025 for x64-based Systems (GDR)	17.0.1050.2
Microsoft	Microsoft SQL Server 2017 (GDR)	14.0.0

Timeline

Mar 10, 2026 CVE Published
Mar 10, 2026 PoC Published
Mar 10, 2026 PoC Published
Mar 10, 2026 PoC Published
Mar 10, 2026 PoC Published
Mar 10, 2026 PoC Published
Mar 11, 2026 EPSS Score
Mar 11, 2026 PoC Published
Mar 11, 2026 PoC Published
Mar 11, 2026 Security Advisory
Mar 11, 2026 PoC Published
Mar 11, 2026 PoC Published

References

Open in Interactive Console →