Severity
High
Analysis Summary
CVE-2026-26127 CVSS:7.5
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-21262 CVSS:8.8
Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.
Impact
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2026-26127
- CVE-2026-21262
Affected Vendors
- Microsoft
Affected Products
- Microsoft SQL Server 2019 for x64-based Systems (GDR)
- Microsoft SQL Server 2022 for x64-based Systems (GDR)
- Microsoft .NET 9.0 installed on Windows
- Microsoft .NET 9.0 installed on Mac OS
- Microsoft .NET 9.0 installed on Linux
- Microsoft SQL Server 2019 for x64-based Systems (CU 32)
- Microsoft SQL Server 2017 for x64-based Systems (CU 31)
- Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 (GDR)
- Microsoft SQL Server 2017 for x64-based Systems (GDR)
- Microsoft SQL Server 2025 for x64-based Systems (GDR)
- Microsoft.Bcl.Memory 9.0
- Microsoft .NET 10.0 installed on Linux
- Microsoft .NET 10.0 installed on Mac OS
- Microsoft .NET 10.0 installed on Windows
- Microsoft.Bcl.Memory 10.0
- Microsoft SQL Server 2025 for x64-based Systems (CU2)
- Microsoft SQL Server 2022 for x64-based Systems (CU 23)
- Microsoft SQL Server 2016 for x64-based Systems Service Pack 3 Azure Connect Feature Pack
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or use the Microsoft Security Update Guide to search for available patches.

