Windows Admin Center Security Flaw Exposed: CVE-2026-26119 Vulnerability
A Critical Vulnerability in Windows Admin Center Exposes Organizations to Privilege Escalation Attacks
A recently disclosed vulnerability in Windows Admin Center (WAC) has raised concerns among IT administrators and infrastructure teams, as it could allow attackers to gain elevated privileges and potentially compromise entire domains.
Vulnerability Details
The flaw, tracked as CVE-2026-26119, was discovered by security consultant Andrea Pierini in July 2025 and was patched by Microsoft in December 2025 with the release of Windows Admin Center version 2511.
According to Microsoft, an attacker who successfully exploits the flaw could gain the rights of the user running the affected application. Pierini noted that under certain conditions, this issue could allow a full domain compromise starting from a standard user.
Risk and Impact
Microsoft considers exploitation of the flaw more likely, as it believes attackers could develop reliable exploit code and has observed similar vulnerabilities being targeted in real-world attacks. The company advises customers who have reviewed the security update and determined its applicability within their environment to treat this with a higher priority.
Recommendations
The vulnerability is particularly concerning given the widespread use of WAC among IT administrators and infrastructure teams to manage Windows clients, servers, clusters, Hyper-V hosts, and virtual machines, as well as Active Directory-joined systems. As a centralized management tool, WAC plays a critical role in many organizations’ IT infrastructure, making it an attractive target for attackers.
In light of this vulnerability, organizations should take immediate action to upgrade to the fixed version of Windows Admin Center. Failure to do so could leave them exposed to potential attacks, particularly as attackers may develop exploits for the flaw now that it has been publicly acknowledged.
Severity
The CVSS score assigned to CVE-2026-26119 indicates that it can be exploited with low effort, no user interaction, and minimal privileges. This, combined with the potential for domain-wide compromise, makes it essential for organizations to prioritize patching and ensure they are running the latest version of Windows Admin Center.
About Author
English