Detections
Analytics
Security Updates for Microsoft SQL Server (January 2026) (Remote)
high Nessus Plugin ID 283735
Language:
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability (CVE-2026-20803). An authenticated attacker who successfully exploited this vulnerability could gain elevated privileges on the SQL Server instance.This update addresses the flaw by correcting how the SQL Server engine handles specific authorization requests during database operations.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Microsoft has released security updates for Microsoft SQL Server.See Also
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20803
Plugin Details
Severity: High
ID: 283735
File Name: smb_nt_ms26_jan_mssql_remote.nasl
Version: 1.2
Type: remote
Family: Misc.
Published: 1/14/2026
Updated: 1/16/2026
Configuration: Enable paranoid mode, Enable thorough checks (optional)
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C
CVSS Score Source: CVE-2026-20803
CVSS v3
Risk Factor: High
Base Score: 7.2
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:microsoft:sql_server
Required KB Items: Settings/ParanoidReport
Patch Publication Date: 1/13/2026
Vulnerability Publication Date: 1/13/2026
Reference Information
CVE: CVE-2026-20803