{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32167", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-10T23:09:43.266Z", "datePublished": "2026-04-14T16:57:30.245Z", "dateUpdated": "2026-05-12T17:38:27.195Z"}, "containers": {"cna": {"title": "SQL Server Elevation of Privilege Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "versionStartIncluding": "17.0.4030.1", "versionEndExcluding": "17.0.4030.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.4250.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*", "versionStartIncluding": "14.0.0", "versionEndExcluding": "14.0.2105.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.2165.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*", "versionStartIncluding": "13.0.0", "versionEndExcluding": "13.0.6485.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*", "versionStartIncluding": "13.0.0", "versionEndExcluding": "13.0.7080.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1175.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*", "versionStartIncluding": "14.0.0", "versionEndExcluding": "14.0.3525.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "versionStartIncluding": "17.0.1050.2", "versionEndExcluding": "17.0.1110.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "versionStartIncluding": "15.0.0.0", "versionEndExcluding": "15.0.4465.1"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "13.0.0", "lessThan": "13.0.6485.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "platforms": ["x64-based Systems"], "versions": [{"version": "13.0.0", "lessThan": "13.0.7080.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2017 (CU 31)", "platforms": ["x64-based Systems"], "versions": [{"version": "14.0.0", "lessThan": "14.0.3525.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2017 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "14.0.0", "lessThan": "14.0.2105.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (CU 32)", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0.0", "lessThan": "15.0.4465.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "15.0.2165.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.1175.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0.0", "lessThan": "16.0.4250.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2025 (CU 3)", "platforms": ["x64-based Systems"], "versions": [{"version": "17.0.4030.1", "lessThan": "17.0.4030.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "17.0.1050.2", "lessThan": "17.0.1110.1", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en-US", "type": "CWE", "cweId": "CWE-89"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:38:27.195Z"}, "references": [{"name": "SQL Server Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T03:57:08.611733Z", "id": "CVE-2026-32167", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T10:34:13.625Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32167", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T03:57:08.611733Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T09:09:14.733Z"}}], "cna": {"title": "SQL Server Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "versions": [{"status": "affected", "version": "13.0.0", "lessThan": "13.0.6485.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "versions": [{"status": "affected", "version": "13.0.0", "lessThan": "13.0.7080.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2017 (CU 31)", "versions": [{"status": "affected", "version": "14.0.0", "lessThan": "14.0.3525.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2017 (GDR)", "versions": [{"status": "affected", "version": "14.0.0", "lessThan": "14.0.2105.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (CU 32)", "versions": [{"status": "affected", "version": "15.0.0.0", "lessThan": "15.0.4465.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (GDR)", "versions": [{"status": "affected", "version": "15.0.0", "lessThan": "15.0.2165.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 (GDR)", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.0.1175.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)", "versions": [{"status": "affected", "version": "16.0.0.0", "lessThan": "16.0.4250.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2025 (CU 3)", "versions": [{"status": "affected", "version": "17.0.4030.1", "lessThan": "17.0.4030.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)", "versions": [{"status": "affected", "version": "17.0.1050.2", "lessThan": "17.0.1110.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167", "name": "SQL Server Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "17.0.4030.1", "versionStartIncluding": "17.0.4030.1"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "16.0.4250.1", "versionStartIncluding": "16.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "14.0.2105.1", "versionStartIncluding": "14.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "15.0.2165.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "13.0.6485.1", "versionStartIncluding": "13.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "13.0.7080.1", "versionStartIncluding": "13.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "16.0.1175.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "14.0.3525.1", "versionStartIncluding": "14.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "17.0.1110.1", "versionStartIncluding": "17.0.1050.2"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "15.0.4465.1", "versionStartIncluding": "15.0.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-11T16:05:24.674Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32167", "state": "PUBLISHED", "dateUpdated": "2026-05-11T16:05:24.674Z", "dateReserved": "2026-03-10T23:09:43.266Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:57:30.245Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", "matchCriteriaId": "8BABE301-AB13-4B54-847B-F67EC92CD96C", "versionEndExcluding": "13.0.6485.1", "versionStartIncluding": "13.0.6300.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*", "matchCriteriaId": "31FD6563-A0B9-48C9-BA0B-BF256BFC466D", "versionEndExcluding": "13.0.7080.1", "versionStartIncluding": "13.0.7000.253", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", "matchCriteriaId": "02D807B3-0DE8-4E79-AE5A-574AD32834D4", "versionEndExcluding": "14.0.2105.1", "versionStartIncluding": "14.0.1000.169", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*", "matchCriteriaId": "F8B94B39-1964-486F-9532-5557C87AFC87", "versionEndExcluding": "14.0.3525.1", "versionStartIncluding": "14.0.3006.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "matchCriteriaId": "EA4AB606-8B66-4C89-8773-4DA1E25FB2AB", "versionEndExcluding": "15.0.2165.1", "versionStartIncluding": "15.0.2000.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "matchCriteriaId": "450ADCF3-0476-4CBE-A0F6-28AE90E9E874", "versionEndExcluding": "15.0.4465.1", "versionStartIncluding": "15.0.4003.23", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "matchCriteriaId": "FE44A0AE-ECDE-4348-923B-205C691E87DA", "versionEndExcluding": "16.0.1175.1", "versionStartIncluding": "16.0.1000.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "matchCriteriaId": "4BFEE9EB-DB7B-490D-AF61-A0162F9FE782", "versionEndExcluding": "16.0.4250.1", "versionStartIncluding": "16.0.4003.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "matchCriteriaId": "FC0EA29C-9CF8-4ED7-B726-BBACF39DA1A8", "versionEndExcluding": "17.0.1110.1", "versionStartIncluding": "17.0.1000.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "matchCriteriaId": "8220A87D-84FB-43FA-8DF0-2B4D50E69164", "versionEndExcluding": "17.0.4030.1", "versionStartIncluding": "17.0.4006.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-32167", "lastModified": "2026-05-07T19:54:15.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-14T18:17:19.417", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[13.0.0,13.0.7080.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2016_service_pack_3_azure_connect_feature_pack", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[14.0.0,14.0.2105.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2017 (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2017_(gdr)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[15.0.0,15.0.2165.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2019 (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2019_(gdr)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0.0,16.0.4250.1)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2022_for_x64-based_systems_(cu_23)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[17.0.1050.2,17.0.1110.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2025_for_x64-based_systems_(gdr)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[13.0.0,13.0.6485.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "sql_server_2016", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[14.0.0,14.0.3525.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2017 (CU 31)", "source": "cna", "vendor": "Microsoft"}, "product": "sql_server_2017", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[15.0.0.0,15.0.4465.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2019 (CU 32)", "source": "cna", "vendor": "Microsoft"}, "product": "sql_server_2019", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0,16.0.1175.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2022 (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "sql_server_2022", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[17.0.4030.1,17.0.4030.1)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2025 (CU 3)", "source": "cna", "vendor": "Microsoft"}, "product": "sql_server_2025", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T20:43:16.748194+00:00", "value": {"mitigation_remediation": ["Apply the Microsoft security update released for CVE\u20112026\u201132167.", "Verify all SQL Server instances are running a patched version (at least CU\u202f31 for 2017, CU\u202f32 for 2019, CU\u202f24 for 2022, or CU\u202f3 for 2025).", "Restrict local user privileges and enforce least\u2011privilege principles."], "summary": {"action": "Patch Now", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Affected products are Microsoft SQL Server 2016 Service Pack 3 (GDR) and the Azure Connect Feature Pack, SQL Server 2017 (CU\u202f31 and GDR), SQL Server 2019 (CU\u202f32 and GDR), SQL Server 2022 (GDR and CU\u202f24 for x64\u2011based systems), and SQL Server 2025 (CU\u202f3 and the x64 GDR). All listed releases run on 64\u2011bit platforms.", "description_and_impact": "Improper neutralization of special elements in SQL Server SQL commands creates a classic SQL injection vulnerability that lets a local, authorized attacker inject and execute malicious queries. The injected code can bypass normal security controls and obtain higher privileges, allowing the attacker to gain administrative rights or access sensitive data. The weakness is a classic example of CWE\u201189 SQL injection.", "risk_and_exploitability": "The CVSS base score of 6.7 indicates moderate severity. EPSS data is not available, and the vulnerability is not listed in CISA\u2019s KEV catalog, suggesting no publicly known exploits. The flaw requires a local, authenticated user with access to SQL Server; there is no mention of remote exploitation. Therefore the risk is moderate but any system with an affected SQL Server should patch promptly to eliminate the local privilege escalation pathway."}}}}, "created": "2026-04-15T14:31:56.923997+00:00", "updated": "2026-04-15T15:00:06.182340+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$microsoft_sql_server_2016_service_pack_3_azure_connect_feature_pack", "microsoft$PRODUCT$microsoft_sql_server_2017_(gdr)", "microsoft$PRODUCT$microsoft_sql_server_2019_(gdr)", "microsoft$PRODUCT$microsoft_sql_server_2022_for_x64-based_systems_(cu_23)", "microsoft$PRODUCT$microsoft_sql_server_2025_for_x64-based_systems_(gdr)", "microsoft$PRODUCT$sql_server_2016", "microsoft$PRODUCT$sql_server_2017", "microsoft$PRODUCT$sql_server_2019", "microsoft$PRODUCT$sql_server_2022", "microsoft$PRODUCT$sql_server_2025"]}