"Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a CVSS score of 8.8 out of a maximum of 10.0 "Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network," Microsoft said in an advisory released on February 17, 2026."
"Microsoft credited Semperis researcher Andrea Pierini with discovering and reporting the vulnerability. It's worth mentioning that the security issue was patched by the tech giant in Windows Admin Center version 2511 released in December 2025. While the Windows maker makes no mention of this vulnerability being exploited in the wild, it has been tagged with an "Exploitation More Likely" assessment."
Windows Admin Center is a locally deployed, browser-based management tool for Windows clients, servers, and clusters. A high-severity vulnerability, CVE-2026-26119, has a CVSS score of 8.8 and allows improper authentication that lets an authorized attacker elevate privileges over a network, gaining the rights of the user running the affected application. Microsoft released an advisory on February 17, 2026, and credited Semperis researcher Andrea Pierini with discovery. The issue was patched in Windows Admin Center version 2511 in December 2025 and has been assessed as "Exploitation More Likely". Technical details remain withheld, and Pierini warned the flaw could allow full domain compromise from a standard user under certain conditions.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]