Main Vulnerability Database Vulnerabilities #VU123758

Improper Validation of Specified Type of Input in Microsoft SQL Server - CVE-2026-26115

Published: March 10, 2026

Vulnerability identifier: #VU123758

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-26115

CWE-ID: CWE-1287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Microsoft SQL Server

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper validation of specified type of input in SQL Server, which leads to security restrictions bypass and privilege escalation.

How to mitigate CVE-2026-26115

Install updates from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26115

Improper Validation of Specified Type of Input in Microsoft SQL Server - CVE-2026-26115

Detailed vulnerability description

How to mitigate CVE-2026-26115

Sources

Please verify you're human