VDB
CVE-2026-32176
CVE-2026-32176
PUBLISHED
CVSS 6.699999809265137 MEDIUM
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
EPSS 0.07% · 21.1th percentile
Risk Scores
CVSS v3.1
6.699999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
EPSS Score
0.07%
21.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft SQL Server 2017 (CU 31) | 14.0.0 |
| Microsoft | Microsoft SQL Server 2025 (CU 3) | 17.0.4030.1 |
| microsoft | sql_server_2025 | 17.0.4030.1, 17.0.1050.2 |
| Microsoft | Microsoft SQL Server 2019 (GDR) | 15.0.0 |
| microsoft | sql_server_2019 | 15.0.0, 15.0.0.0 |
| Microsoft | Microsoft SQL Server 2019 (CU 32) | 15.0.0.0 |
| microsoft | sql_server_2017 | 14.0.0, 14.0.0 |
| Microsoft | Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack | 13.0.0 |
| Microsoft | Microsoft SQL Server 2025 for x64-based Systems (GDR) | 17.0.1050.2 |
| Microsoft | Microsoft SQL Server 2016 Service Pack 3 (GDR) | 13.0.0 |
| Microsoft | Microsoft SQL Server 2022 (GDR) | 16.0.0 |
| Microsoft | Microsoft SQL Server 2022 for x64-based Systems (CU 24) | 16.0.0.0 |
| microsoft | sql_server_2022 | 16.0.0.0, 16.0.0 |
| microsoft | sql_server_2016 | 13.0.0, 13.0.0 |
| Microsoft | Microsoft SQL Server 2017 (GDR) | 14.0.0 |
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 PoC Published
- Apr 14, 2026 PoC Published
- Apr 15, 2026 Security Advisory
- Apr 15, 2026 Security Advisory
- Apr 15, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
- Apr 16, 2026 Security Advisory
References
- SQL Server Elevation of Privilege Vulnerability vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-32176 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35611 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34757 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33103 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32631 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21637 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23653 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33810 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40385 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40386 advisory
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33120 advisory
…and 1 more