Vulnetix
Try Vulnetix Request Demo
CVE-2026-26118 PUBLISHED CVSS 8.800000190734863 HIGH

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

EPSS 0.07% · 21.6th percentile

Risk Scores

CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
0.07%
21.6th percentile

Affected Products

VendorProductVersions
MicrosoftMicrosoft SQL Server 2025 for x64-based Systems (GDR)17.0.1050.2
MicrosoftMicrosoft SQL Server 2016 Service Pack 3 (GDR)13.0.0
microsoftsql_server_201714.0.0, 14.0.0
MicrosoftMicrosoft SQL Server 2025 (CU 2)17.0.0.0
microsoftazure_mcp_server_tools_22.0.0-beta.1, 2.0.0-beta.1, 2.0.0-beta.1
MicrosoftAzure MCP Server Tools 2.0.0 (npm)2.0.0-beta.1, 2.0.0-beta.1, 2.0.0-beta.1
microsoftsql_server_201915.0.0.0, 15.0.0
microsoftsql_server_201613.0.0, 13.0.0
MicrosoftMicrosoft SQL Server 2022 for x64-based Systems (CU 23)16.0.0.0
MicrosoftAzure MCP Server Tools 1.0.0 (NuGet)1.0.0, 1.0.0, 1.0.0
azuremcp2.0.0-beta.1, 1.0.0, 2.0.0-beta.1
MicrosoftAzure MCP Server Tools 1.0.0 (npm)1.0.0, 1.0.0, 1.0.0
MicrosoftAzure MCP Server Tools 2.0.0 (PyPi)2.0.0-beta.1, 2.0.0-beta.1, 2.0.0-beta.1
MicrosoftMicrosoft SQL Server 2019 (GDR)15.0.0
MicrosoftMicrosoft SQL Server 2017 (GDR)14.0.0
microsoftazure_mcp_server_tools_11.0.0, 1.0.0, 1.0.0
microsoftazure_mcp_server0, 2.0.0, 2.0.0
microsoftsql_server_202517.0.0.0, 17.0.1050.2
MicrosoftMicrosoft SQL Server 2019 (CU 32)15.0.0.0
microsoftsql_server_202216.0.0, 16.0.0.0

…and 6 more

Timeline

References

Open in Interactive Console →