An attacker may be able to increase their privileges in Windows Admin Center due to a security flaw that Microsoft has now patched This article explores admin center security. . With Windows Admin Center, users can manage their Windows Clients, Servers, and Clusters locally and through a browser without having to connect to the cloud.

"Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network," Microsoft stated in an advisory published on February 17, 2026, referring to the high-severity vulnerability, tracked as CVE-2026-26119, which has a CVSS score of 8.8 out of a possible 10.0. "The rights of the user executing the compromised application would be obtained by the attacker." The vulnerability was found and reported by Andrea Pierini, a Semperis researcher, according to Microsoft.

It's important to note that the tech giant fixed the security flaw in Windows Admin Center version 2511, which was made available in December 2025. This vulnerability has been marked as "Exploitation More Likely" even though the Windows manufacturer makes no mention of it being exploited in the wild.