CVE Database · CVE-2026-32167
CVSS v3.1
6.7
EPSS
0.30%
Published
Apr 14, 2026
Modified
May 7, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (10)
References (1)