CVE-2026-32167

MEDIUM WAF: High

CVSS 6.7 Published: 2026-04-14

CWE-89

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

References

msrc.microsoft.com

Back to CVE Database