Microsoft has patched a high-severity vulnerability in Windows Admin Center that could allow attackers to escalate privileges over the network. The flaw, tracked as CVE-2026-26119, carries a CVSS score of 8.8 and affects environments running vulnerable versions of the management platform.

Windows Admin Center is widely used as a browser-based tool to manage Windows clients, servers, and clusters without relying on cloud connectivity. According to Microsoft, the issue stems from improper authentication, which could enable an authorized attacker to gain the same privileges as the user running the application.

The vulnerability was reported by Semperis researcher Andrea Pierini and patched in Windows Admin Center version 2511 (December 2025). Although there is currently no confirmed in-the-wild exploitation, Microsoft has flagged the bug as “Exploitation More Likely,” meaning organizations should treat it with urgency.

Security experts warn that, under certain conditions, the flaw could potentially lead to full domain compromise starting from a standard user account. Because of this risk, administrators are strongly advised to update immediately and review access controls around Windows Admin Center deployments.

Source: https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html