Windows Admin Center vulnerability allows privilege escalation

As reported by The Hacker News, Microsoft has addressed a security flaw within its Windows Admin Center, a tool designed for managing Windows servers and clients. The vulnerability, if exploited, could grant unauthorized access and elevate privileges.

The high-severity vulnerability, identified as CVE-2026-26119 with a CVSS score of 8.8, was discovered by Semperis researcher Andrea Pierini. Microsoft stated that an authorized attacker could exploit improper authentication within Windows Admin Center to gain elevated privileges over a network, essentially acquiring the rights of the user running the affected application. Although the technical details remain undisclosed, Pierini indicated that the flaw could potentially lead to a full domain compromise, even starting from a standard user account under specific circumstances.

Microsoft released a patch for this issue in Windows Admin Center version 2511 in December 2025. Despite the vulnerability being patched, the "Exploitation More Likely" assessment highlights the potential risk.

Source: The Hacker News