Microsoft Patches Windows Admin Center Vulnerability CVE-2026-26119 for Elevated Privileges
Windows Admin Center Vulnerability Patched by Microsoft
A vulnerability in Windows Admin Center has been addressed by Microsoft, which could have allowed attackers to escalate their privileges and gain control over a network. The issue, tracked as CVE-2026-26119, was discovered by researcher Andrea Pierini and has been patched in Windows Admin Center version 2511, released in December 2025.
What is Windows Admin Center?
Windows Admin Center is a browser-based management tool that enables users to manage Windows Clients, Servers, and Clusters without connecting to the cloud.
Vulnerability Details
The vulnerability, which carries a CVSS score of 8.8 out of 10, stems from improper authentication in the application. According to Microsoft, an authorized attacker could exploit this flaw to elevate their privileges over a network, gaining the rights of the user running the affected application.
Technical details surrounding CVE-2026-26119 are currently limited, but Pierini has noted that the vulnerability could potentially allow a full domain compromise starting from a standard user under certain conditions.
Patch and Recommendations
The patch for this vulnerability was released by Microsoft on February 17, 2026, as part of an advisory that highlighted the importance of addressing the issue. The company credited Pierini with discovering and reporting the vulnerability, which has since been addressed in the latest version of Windows Admin Center.
The vulnerability is a reminder of the importance of proper authentication and privilege management in network administration tools. Administrators are advised to ensure that their systems are updated with the latest patches to prevent potential exploitation of this vulnerability.
About Author
English