CVE-2026-20803 | Severity.io

Description

Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network.

Related CPE's

microsoft

sql_server_2022

Vulnerable

References

Vendor Advisory

Weaknesses

Primary

CWE-306

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 · High

Information

Source identifier

Vulnerability status

Analyzed

Published

2026-01-13T18:16:06.630Z

3 days ago

Last modified

2026-01-16T14:35:02.720Z

4 hours ago