Critical Windows Admin Center Vulnerability Allows Privilege Escalation

Admin Center Vulnerability in Windows CVE-2026-26119 is a critical security update that fixes a high-severity elevation of privilege vulnerability in Windows Admin Center (WAC) This article explores vulnerability windows admin. . Inadequate authentication (CWE287) is the root cause of the vulnerability, which has a CVSS rating of 8.8 (Critical) and could grant elevated network privileges to an authorized attacker.

Microsoft claims that this vulnerability, which was made public on February 17, 2026, impacts Windows Admin Center version 2.6.4. Without additional user interaction, the vulnerability enables attackers with restricted system privileges to increase their level of access. Microsoft cautions that exploitation is "more likely" despite the fact that it has not seen active exploitation in the wild. It bases this warning on the low attack complexity and network exposure of WAC deployments.

The attacker may be able to obtain the same privileges as the person using the compromised application if the exploit is successful. Such privilege escalation could allow complete control of managed servers, alteration of system settings, and access to sensitive data, since Windows Admin Center is frequently used for centralized system administration. Andrea Pierini of Semperis is commended by Microsoft for responsibly disclosing the vulnerability.

With the most recent Windows Admin Center security update, the company has officially released a fix, and administrators are strongly encouraged to install it right away. The update and release notes are available to users via Microsoft's official channels (Security Update, Release Notes). The exploitability index suggests a greater chance of exploit development in the near future, even though no proof-of-concept (PoC) code has emerged.

Delaying patch deployment could expose networks to lateral movement and privilege misuse attacks because WAC is exposed in enterprise environments. Administrators are advised to check account permissions, observe event logs for odd privilege escalations, and adhere to Microsoft's security update guidelines. CVE.org, Microsoft's Security Update Guide, LinkedIn, and X for daily cybersecurity updates provide additional information about the official CVE.

To have your stories featured, get in touch with us.

Critical Windows Admin Center Vulnerability Allows Privilege Escalation

Trending News

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Top 10 Best VPN For Chrome in 2026

Top 10 Best VPN For Chrome in 2026

Top 10 Best User Access Management Tools in 2026

Top 10 Best User Access Management Tools in 2026

Critical Windows Admin Center Vulnerability Allows Privilege Escalation

Trending News

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

North Korean Hackers Compromise Popular Axios Package to Infect Windows, macOS, and Linux

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

Anthropic Officially Terminates Claude Subscriptions Used by Tools Like OpenClaw

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

36 bad npm packages used Redis and PostgreSQL to install permanent implants.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

Six months of social engineering by the DPRK led to the $285 million Drift Hack.

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Top 10 Best VPN For Chrome in 2026

Top 10 Best VPN For Chrome in 2026

Top 10 Best User Access Management Tools in 2026

Top 10 Best User Access Management Tools in 2026