VDB

GCVE-110-NCSC-2026-118

GCVE-110-NCSC-2026-118
Advisory PublishedCVSS 6.7/10
Vulnetix · Advisory published April 14, 2026
Improper neutralization of special elements in SQL Server commands, known as SQL injection, allows an authorized attacker to locally elevate privileges within the affected system.

Weaknesses (CWE)

CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-822Untrusted Pointer Dereference

Risk Scores

CVSS 3.1
6.7/10
Medium · CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

VendorProductVersionsPlatforms
Microsoftvers:unknown/*

References

advisory
advisory
advisory
advisory

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›