Windows Admin Center Privilege Escalation Vulnerability Exposed

According to Microsoft, the vulnerability is caused by improper authentication within the Windows Admin Center, a tool used to manage Windows servers and clients.

Windows Admin Center Vulnerability

A recently disclosed vulnerability in Microsoft’s Windows Admin Center could allow attackers to escalate privileges and gain unauthorized access to a network. The flaw, identified as CVE-2026-26119, carries a CVSS score of 8.8 and was discovered by researcher Andrea Pierini of Semperis.

Technical Details

While the technical details of the vulnerability remain undisclosed, Pierini warned that, under specific circumstances, it could lead to a full domain compromise even if the attacker starts with a standard user account.

Mitigation and Recommendations

Microsoft released a patch for the vulnerability in Windows Admin Center version 2511 in December 2025. However, the “Exploitation More Likely” assessment suggests that the vulnerability still poses a significant risk.

Organizations that use the Windows Admin Center should ensure that they have applied the patch and are running version 2511 or later.

Organizations should also be aware of the risks associated with privilege escalation vulnerabilities and take steps to mitigate them. This includes implementing least-privilege access, monitoring for suspicious activity, and regularly reviewing and updating access controls.

Conclusion

The disclosure of the Windows Admin Center vulnerability highlights the importance of staying up to date with security patches and being aware of potential vulnerabilities in software and systems. Organizations should prioritize patch management and vulnerability remediation to reduce the risk of exploitation.


