Microsoft has revealed that it has patched a security flaw in Windows Admin Center that could allow an attacker to escalate privileges.
Windows Admin Center is a locally deployed, browser-based set of management tools that allows users to manage Windows clients, servers, and clusters without connecting to the cloud.
The high severity vulnerability tracked as CVE-2026-26119 has a CVSS score of 8.8 out of a maximum of 10.0.
“Improper authentication in Windows Admin Center could allow an authorized attacker to escalate privileges over the network, allowing the attacker to gain the rights of the user running the affected application,” Microsoft said in an advisory published on February 17, 2026.
Microsoft credits Semperis researcher Andrea Pierini with discovering and reporting the vulnerability. It is worth mentioning that this security issue was fixed by the tech giant in Windows Admin Center version 2511 released in December 2025.
The Windows manufacturer has not indicated that this vulnerability has been exploited, but it has been rated as “likely to be exploited.”
Technical details related to CVE-2026-26119 are not currently available, but this may change soon. In a post shared on LinkedIn, Pierini said the vulnerability could, under certain conditions, “allow for a complete domain compromise starting with a standard user.”
Source link
