CVE-2026-26119
published 2026-02-17CVE-2026-26119: Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.80%
52.1th percentile
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_admin_center | < 2511 | 2511 |
| microsoft | windows_admin_center | >= 1809.0 < 2.6.4 | 2.6.4 |
| msrc | windows_admin_center | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2026-26119 affects Windows Admin Center (cpe:2.3:a:microsoft:windows_admin_center) and exploits improper authentication to allow network-based privilege escalation. Monitor for unexpected privilege elevation events originating from Windows Admin Center sessions over the network. ↗
- →The attacker gains the rights of the user running the affected Windows Admin Center application. Alert on processes or actions spawned by the Windows Admin Center service account with elevated privileges not consistent with normal operation. ↗
- →Microsoft rates this vulnerability as 'Exploitation More Likely' despite no confirmed in-the-wild exploitation at time of publication. Prioritize patching and monitor Windows Admin Center network traffic for anomalous authentication attempts. ↗
- →A public exploit exists for CVE-2026-26119. Treat any unauthenticated or improperly authenticated requests to Windows Admin Center endpoints as high-priority alerts. ↗
- ·The fix for CVE-2026-26119 was released on February 20, 2026 (two separate fix entries). Ensure Windows Admin Center is updated to the patched version referenced at https://aka.ms/wac2511. ↗
- ·Customer action is required to remediate this vulnerability; it is not automatically patched. Refer to the official release notes linked from the MSRC advisory. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w5xc-rm8g-jf7m: Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network
ghsa_unreviewed·2026-02-18
CVE-2026-26119 [HIGH] CWE-287 GHSA-w5xc-rm8g-jf7m: Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Microsoft
Windows Admin Center Elevation of Privilege Vulnerability
vendor_msrc·2026-02-10·CVSS 8.8
CVE-2026-26119 [HIGH] CWE-287 Windows Admin Center Elevation of Privilege Vulnerability
Windows Admin Center Elevation of Privilege Vulnerability
Description: Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would gain the rights of the user that is running the affected application.
Windows Admin Center: Windows Admin Center
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely
Remediation: Release Notes
Reference: https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/overview
Reference: https://aka.ms/wac2511
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-64669 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2025-64669 [MEDIUM] CVE-2025-64669 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-64669 :
Windows Admin Center vulnerability analysis and mitigation
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.
Source : NVD
## 7.8
Score
Published December 11, 2025
Severity HIGH
CNA Score 7.8
Affected Technologies
Windows Admin Center
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:microsoft:windows_admin_center
Sources
Windows Severity HIGH Has Fix Added at: Dec 12, 2025
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Relat
Wiz
CVE-2026-20965 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2026-20965 [MEDIUM] CVE-2026-20965 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-20965 :
Windows Admin Center vulnerability analysis and mitigation
Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
Source : NVD
## 7.5
Score
Published January 13, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Windows Admin Center
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:microsoft:windows_admin_center
Sources
Windows Severity HIGH Has Fix Added at: Jan 18, 2026
Windows Severity HIGH Has Fix Added at: Jan 19, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud
Wiz
CVE-2026-26119 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2026-26119 [MEDIUM] CVE-2026-26119 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-26119 :
Windows Admin Center vulnerability analysis and mitigation
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Source : NVD
## 8.8
Score
Published February 17, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Windows Admin Center
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:microsoft:windows_admin_center
Sources
Windows Severity HIGH Has Fix Added at: Feb 20, 2026
Windows Severity HIGH Has Fix Added at: Feb 20, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can fo
Wiz
CVE-2026-23660 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
CVE-2026-23660 [MEDIUM] CVE-2026-23660 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23660 :
Windows Admin Center vulnerability analysis and mitigation
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
Source : NVD
## 7.8
Score
Published March 10, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Windows Admin Center
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:microsoft:windows_admin_center
Sources
Windows Severity HIGH Has Fix Added at: Mar 19, 2026
Windows Severity HIGH Has Fix Added at: Mar 20, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can
2026-02-17
Published