Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
History

Tue, 14 Jul 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack
Microsoft microsoft Sql Server 2017 (gdr)
Microsoft microsoft Sql Server 2019 (gdr)
Microsoft microsoft Sql Server 2022 For X64-based Systems (cu 23)
Microsoft microsoft Sql Server 2025 For X64-based Systems (gdr)
Vendors & Products Microsoft microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack
Microsoft microsoft Sql Server 2017 (gdr)
Microsoft microsoft Sql Server 2019 (gdr)
Microsoft microsoft Sql Server 2022 For X64-based Systems (cu 23)
Microsoft microsoft Sql Server 2025 For X64-based Systems (gdr)

Tue, 14 Jul 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 14 Jul 2026 17:15:00 +0000

Type Values Removed Values Added
Description Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
Title Microsoft SQL Server Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft sql Server 2016
Microsoft sql Server 2017
Microsoft sql Server 2019
Microsoft sql Server 2022
Microsoft sql Server 2025
Weaknesses CWE-89
CPEs cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*
cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*
cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*
cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*
Vendors & Products Microsoft
Microsoft sql Server 2016
Microsoft sql Server 2017
Microsoft sql Server 2019
Microsoft sql Server 2022
Microsoft sql Server 2025
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}


cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-07-14T19:36:23.304Z

Reserved: 2026-05-18T23:53:33.897Z

Link: CVE-2026-47296

cve-icon Vulnrichment

Updated: 2026-07-14T17:44:39.328Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-14T21:00:03Z