🟠 High | Source: Microsoft Security Response Center
A SQL injection vulnerability in Microsoft SQL Server allows an authenticated attacker to elevate their privileges on the local system. Although exploitation requires existing access, it could enable an attacker who has compromised a low-privileged account to gain significantly greater control. This is particularly concerning in shared or multi-tenant SQL Server environments common in Azure deployments.
Security Architect’s Take: Prioritise patching SQL Server instances, especially those exposed to multiple users or running in Azure environments — apply Microsoft’s update immediately and audit SQL Server login permissions to ensure least-privilege principles are enforced.
Original advisory: CVE-2026-47296 Microsoft SQL Server Elevation of Privilege Vulnerability