CVE-2026-21262 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: March 11, 2026
Microsoft SQL Server - Broken Access Control
Published: March 10, 2026Updated: March 11, 2026Remote Exploitable
Overview
Microsoft SQL Server contains a broken access control vulnerability allowing authorized attackers to elevate privileges over a network, exploit requires attacker to be authorized.
Severity & Score
Severity: High
CVSS Score: 8.8
EPSS Score: 8.1%(Probability of exploitation in next 30 days)
Impact
Authorized attackers can elevate their privileges, potentially gaining full control over the database server.
Mitigation
Update to the latest version of Microsoft SQL Server.
Social Media Activity(1 post)
Chris Short
@ChrisShort
March 2026 Microsoft Patch Tuesday | Tenable® #devopsish https://www.tenable.com/blog/microsofts-march-2026-patch-tuesday-addresses-83-cves-cve-2026-21262-cve-2026-26127
View original postRelated Resources
Details
- CVE ID
- CVE-2026-21262
- Severity
- High
- CVSS Score
- 8.8
- Type
- broken_access_control
- Status
- unconfirmed
- EPSS
- 8.1%
- Social Posts
- 1
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
8.1%Probability of exploitation in the next 30 days