SQL Server elevation-of-privilege flaw (CVE-2026-21262)

Vulnerability
First reported
Last updated
Happening score: 47
2 unique sources, 2 articles

Summary

Microsoft patched CVE-2026-21262 in SQL Server, closing a publicly disclosed elevation-of-privilege flaw that can grant SQLAdmin privileges over the network. The vulnerability matters because an attacker with authorized access could raise privileges on affected servers. The fix is part of March 2026 Patch Tuesday and is available now.

Related Happenings

Azure Backup for AKS privilege escalation flaw

Vulnerability
First: 16.05.2026 23:55 Last: 16.05.2026 23:55 Sources 1

About this happening: A **critical Azure Backup for AKS** privilege-escalation flaw was independently validated, exposing Kubernetes clusters to **cluster-admin** takeover from the low-privileged **Bac...

Windows 11 BitLocker bypass YellowKey security flaw

Vulnerability
First: 14.05.2026 10:27 Last: 14.05.2026 10:27 Sources 1

About this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...

Latest development: 20.05.2026 10:31

Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.

Cursor local SQLite secret-storage exposing credentials security flaw

Vulnerability
First: 29.04.2026 18:00 Last: 29.04.2026 18:00 Sources 1

About this happening: A **high-severity** **Cursor** flaw lets installed extensions read secrets stored locally, exposing **API keys** and **session tokens** without user interaction. The weakness stem...

Nvidia GPU GPUBreach Rowhammer-style page-table corruption privilege-escalation flaw

Vulnerability
First: 07.04.2026 14:31 Last: 07.04.2026 14:31 Sources 1

About this happening: Researchers demonstrated **GPUBreach**, a **Rowhammer-style weakness** in **Nvidia GPUs** that can corrupt **GPU page tables** and enable **arbitrary read-write access**. When pai...

Magento Open Source and Adobe Commerce PolyShell unauthenticated RCE flaw

Vulnerability
First: 19.03.2026 22:01 Last: 19.03.2026 22:01 Sources 1

About this happening: **PolyShell** is a **Magento Open Source** and **Adobe Commerce** vulnerability that can enable **unauthenticated code execution** and **account takeover** across **stable version...

Timeline

  1. 10.03.2026 19:49 2 articles · 2mo ago

    Microsoft patches SQL Server CVE-2026-21262

    Mitigation Patch Update

    Microsoft patched CVE-2026-21262, a publicly disclosed SQL Server elevation-of-privilege vulnerability that can grant SQLAdmin privileges over a network. The fix addresses improper access control in SQL Server and is part of March 2026 Patch Tuesday.
