VDB
CVE-2026-23665
PUBLISHED
CVSS 7.8 HIGH
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
EPSS 0.03% · 10.6th percentile
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
0.03%
10.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | sql_server_2019 | 15.0.0, 15.0.0.0 |
| Microsoft | Microsoft SQL Server 2022 (GDR) | 16.0.0 |
| Microsoft | Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack | 13.0.0 |
| Microsoft | Microsoft SQL Server 2025 (CU 2) | 17.0.0.0 |
| microsoft | azure_linux_virtual_machines_azure_diagnostics | 1.0.0, 1.0.0, 1.0.0 |
| Microsoft | Microsoft SQL Server 2017 (CU 31) | 14.0.0 |
| Microsoft | Microsoft SQL Server 2019 (GDR) | 15.0.0 |
| Microsoft | Microsoft SQL Server 2019 (CU 32) | 15.0.0.0 |
| microsoft | sql_server_2016 | 13.0.0, 13.0.0 |
| microsoft | sql_server_2022 | 16.0.0.0, 16.0.0 |
| microsoft | linux_diagnostic_extension | 1.0.0, 1.0.0, 1.0.0 |
| Microsoft | Microsoft SQL Server 2016 Service Pack 3 (GDR) | 13.0.0 |
| microsoft | sql_server_2025 | 17.0.0.0, 17.0.1050.2 |
| Microsoft | Microsoft SQL Server 2022 for x64-based Systems (CU 23) | 16.0.0.0 |
| Microsoft | Azure Linux Virtual Machines with Azure Diagnostics extension | 1.0.0, 1.0.0, 1.0.0 |
| microsoft | sql_server_2017 | 14.0.0, 14.0.0 |
| Microsoft | Microsoft SQL Server 2025 for x64-based Systems (GDR) | 17.0.1050.2 |
| Microsoft | Microsoft SQL Server 2017 (GDR) | 14.0.0 |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- SQL Server Elevation of Privilege Vulnerability (circl)
- CIRCL seen: CVE-2026-21262 (circl-sighting)
- CIRCL seen: CVE-2026-21262 (circl-sighting)
- CIRCL seen: CVE-2026-21262 (circl-sighting)
- CIRCL seen: CVE-2026-21262 (circl-sighting)
- CIRCL seen: CVE-2026-21262 (circl-sighting)
- CIRCL seen: CVE-2026-21262 (circl-sighting)
- CIRCL seen: CVE-2026-21262 (circl-sighting)
- CIRCL seen: CVE-2026-21262 (circl-sighting)
…and 21 more exploits
Timeline
- Mar 10, 2026 CVE Published
- Mar 10, 2026 PoC Published
- Mar 10, 2026 PoC Published
- Mar 10, 2026 PoC Published
- Mar 10, 2026 PoC Published
- Mar 10, 2026 PoC Published
- Mar 11, 2026 EPSS Score
- Mar 11, 2026 PoC Published
- Mar 11, 2026 PoC Published
- Mar 11, 2026 Security Advisory
- Mar 11, 2026 PoC Published
- Mar 11, 2026 PoC Published
References
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26117 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21262 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23661 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26115 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26121 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23665 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26118 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23664 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26148 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23662 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-23665 advisory