A vulnerability, which was classified as critical, has been found in Microsoft SQL Server 2016/2017/2019/2022/2025. This affects an unknown function of the component SQL Command Parser. This manipulation causes sql injection.

This vulnerability appears as CVE-2026-47296. The attack may be initiated remotely. There is no available exploit.