
CVE-2026-21262: SQL Server Zero-Day Fixed in Microsoft’s March Patch Tuesday Release

ID: 0ef093a4-a4b1-5fb3-8f3e-7b4149509aa6

STIX ID: report--0ef093a4-a4b1-5fb3-8f3e-7b4149509aa6

Feed Name: SOC Prime Blog

Threat Score: 70/100

Date Published: 2026-03-12

Date Updated: 2026-04-30

Author: Daryna Olyniychuk


Microsoft’s March 2026 Patch Tuesday patched CVE-2026-21262, a publicly disclosed high-severity (CVSS 8.8) SQL Server elevation-of-privilege vulnerability that could allow an authenticated low-privileged account with network access to escalate to SQL sysadmin. Organizations are advised to install the matching March 10 GDR/CU security update for their servicing path and to review SQL logins, privileges, network exposure, and secrets management to mitigate risk.
