6.7
SQL Server allows malicious database access by authorized users
CVE-2026-32167
Summary
SQL Server has a SQL injection weakness that could allow an already-authorized user to elevate privileges locally and gain access to the database beyond what they were granted. This could happen if the attacker supplies specially crafted input that ends up in a SQL command. To protect against this, ensure that all user input is properly validated and sanitized before it is used in SQL queries.
Original title
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.
Original description
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.
NVD CVSS 3.1
6.7
Vulnerability type
CWE-89
SQL Injection
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026