{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32176", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T00:26:53.425Z", "datePublished": "2026-04-14T16:58:32.054Z", "dateUpdated": "2026-04-15T17:16:36.193Z"}, "containers": {"cna": {"title": "SQL Server Elevation of Privilege Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "versionStartIncluding": "17.0.4030.1", "versionEndExcluding": "17.0.4030.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "versionStartIncluding": "17.0.1050.2", "versionEndExcluding": "17.0.1110.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "versionStartIncluding": "16.0.0.0", "versionEndExcluding": "16.0.4250.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*", "versionStartIncluding": "14.0.0", "versionEndExcluding": "14.0.2105.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "15.0.2165.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*", "versionStartIncluding": "13.0.0", "versionEndExcluding": "13.0.6485.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*", "versionStartIncluding": "13.0.0", "versionEndExcluding": "13.0.7080.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*", "versionStartIncluding": "14.0.0", "versionEndExcluding": "14.0.3525.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1175.1"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "versionStartIncluding": "15.0.0.0", "versionEndExcluding": "15.0.4465.1"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "13.0.0", "lessThan": "13.0.6485.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "platforms": ["x64-based Systems"], "versions": [{"version": "13.0.0", "lessThan": "13.0.7080.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2017 (CU 31)", "platforms": ["x64-based Systems"], "versions": [{"version": "14.0.0", "lessThan": "14.0.3525.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2017 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "14.0.0", "lessThan": "14.0.2105.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (CU 32)", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0.0", "lessThan": "15.0.4465.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "15.0.0", "lessThan": "15.0.2165.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0", "lessThan": "16.0.1175.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)", "platforms": ["x64-based Systems"], "versions": [{"version": "16.0.0.0", "lessThan": "16.0.4250.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2025 (CU 3)", "platforms": ["x64-based Systems"], "versions": [{"version": "17.0.4030.1", "lessThan": "17.0.4030.1", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)", "platforms": ["x64-based Systems"], "versions": [{"version": "17.0.1050.2", "lessThan": "17.0.1110.1", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en-US", "type": "CWE", "cweId": "CWE-89"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-15T17:16:36.193Z"}, "references": [{"name": "SQL Server Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-32176"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T03:57:06.454Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32176", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-14T19:09:02.736683Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:09:06.381Z"}}], "cna": {"title": "SQL Server Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "versions": [{"status": "affected", "version": "13.0.0", "lessThan": "13.0.6485.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "versions": [{"status": "affected", "version": "13.0.0", "lessThan": "13.0.7080.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2017 (CU 31)", "versions": [{"status": "affected", "version": "14.0.0", "lessThan": "14.0.3525.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2017 (GDR)", "versions": [{"status": "affected", "version": "14.0.0", "lessThan": "14.0.2105.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (CU 32)", "versions": [{"status": "affected", "version": "15.0.0.0", "lessThan": "15.0.4465.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2019 (GDR)", "versions": [{"status": "affected", "version": "15.0.0", "lessThan": "15.0.2165.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 (GDR)", "versions": [{"status": "affected", "version": "16.0.0", "lessThan": "16.0.1175.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)", "versions": [{"status": "affected", "version": "16.0.0.0", "lessThan": "16.0.4250.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2025 (CU 3)", "versions": [{"status": "affected", "version": "17.0.4030.1", "lessThan": "17.0.4030.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}, {"vendor": "Microsoft", "product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)", "versions": [{"status": "affected", "version": "17.0.1050.2", "lessThan": "17.0.1110.1", "versionType": "custom"}], "platforms": ["x64-based Systems"]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176", "name": "SQL Server Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "17.0.4030.1", "versionStartIncluding": "17.0.4030.1"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2025:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "17.0.1110.1", "versionStartIncluding": "17.0.1050.2"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "16.0.4250.1", "versionStartIncluding": "16.0.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "14.0.2105.1", "versionStartIncluding": "14.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "15.0.2165.1", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "13.0.6485.1", "versionStartIncluding": "13.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:sp3:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "13.0.7080.1", "versionStartIncluding": "13.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:-:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "14.0.3525.1", "versionStartIncluding": "14.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "16.0.1175.1", "versionStartIncluding": "16.0.0"}, {"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", "vulnerable": true, "versionEndExcluding": "15.0.4465.1", "versionStartIncluding": "15.0.0.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-14T16:58:32.054Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32176", "state": "PUBLISHED", "dateUpdated": "2026-04-14T19:09:26.186Z", "dateReserved": "2026-03-11T00:26:53.425Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:58:32.054Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-32176", "lastModified": "2026-04-14T18:17:20.013", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:17:20.013", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[13.0.0,13.0.6485.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2016_service_pack_3_(gdr)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[13.0.0,13.0.7080.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2016_service_pack_3_azure_connect_feature_pack", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[14.0.0,14.0.3525.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2017 (CU 31)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2017_(cu_31)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[14.0.0,14.0.2105.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2017 (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2017_(gdr)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[15.0.0.0,15.0.4465.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2019 (CU 32)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2019_(cu_32)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[15.0.0,15.0.2165.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2019 (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2019_(gdr)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0,16.0.1175.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2022 (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2022_(gdr)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[16.0.0.0,16.0.4250.1)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2022 for x64-based Systems (CU 24)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2022_for_x64-based_systems_(cu_23)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "17.0.4030.1"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2025 (CU 3)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2025_(cu_2)", "vendor": "microsoft"}, {"configurations": [{"platform": ["x64-based_systems"], "status": "affected", "versions": {"scheme": "generic", "value": "[17.0.1050.2,17.0.1110.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Microsoft SQL Server 2025 for x64-based Systems (GDR)", "source": "cna", "vendor": "Microsoft"}, "product": "microsoft_sql_server_2025_for_x64-based_systems_(gdr)", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "sql_server_2016", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "sql_server_2017", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "sql_server_2019", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "sql_server_2022", "vendor": "microsoft"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "sql_server_2025", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T19:45:29.574131+00:00", "value": {"mitigation_remediation": ["Download and install the security update for the affected SQL Server versions from Microsoft\u2019s update guide.", "Verify the installation by checking the applied update number or executing the version info query.", "Apply the principle of least privilege to user accounts used by applications to minimize the impact of a potential injection."], "summary": {"action": "Apply Patch", "impact": "Local Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft SQL Server 2016 Service Pack 3 (GDR) and Azure Connect Feature Pack, Microsoft SQL Server 2017 CU 31 and GDR, Microsoft SQL Server 2019 CU 32 and GDR, Microsoft SQL Server 2022 GDR and x64 CU 24, and Microsoft SQL Server 2025 CU 3 and x64 GDR are affected. The issue spans both on\u2011premises deployments and Azure\u2011connected instances.", "description_and_impact": "This SQL Server vulnerability results from improper handling of special elements inside SQL commands, effectively enabling a classic SQL injection attack. An attacker who already possesses authorized access to the server can inject malicious code, which is then executed by the database engine. The consequence is a local elevation of privileges, allowing the attacker to gain higher database or operating\u2011system rights and potentially access confidential data or modify system configuration.", "risk_and_exploitability": "The CVSS score of 6.7 indicates a moderate severity. Exploitability is limited to users who already hold legitimate server access, as the flaw is local. Because the vulnerability is stored as a SQL injection, an attacker would need to craft a query that the database accepts and then trigger the elevated privileges. The EPSS score is not available and the flaw is not listed in the CISA KEV catalog, so it is not currently known to be actively exploited in the wild."}}}}, "created": "2026-04-15T14:31:56.916119+00:00", "updated": "2026-04-15T14:45:03.388521+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$microsoft_sql_server_2016_service_pack_3_(gdr)", "microsoft$PRODUCT$microsoft_sql_server_2016_service_pack_3_azure_connect_feature_pack", "microsoft$PRODUCT$microsoft_sql_server_2017_(cu_31)", "microsoft$PRODUCT$microsoft_sql_server_2017_(gdr)", "microsoft$PRODUCT$microsoft_sql_server_2019_(cu_32)", "microsoft$PRODUCT$microsoft_sql_server_2019_(gdr)", "microsoft$PRODUCT$microsoft_sql_server_2022_(gdr)", "microsoft$PRODUCT$microsoft_sql_server_2022_for_x64-based_systems_(cu_23)", "microsoft$PRODUCT$microsoft_sql_server_2025_(cu_2)", "microsoft$PRODUCT$microsoft_sql_server_2025_for_x64-based_systems_(gdr)", "microsoft$PRODUCT$sql_server_2016", "microsoft$PRODUCT$sql_server_2017", "microsoft$PRODUCT$sql_server_2019", "microsoft$PRODUCT$sql_server_2022", "microsoft$PRODUCT$sql_server_2025"]}