• Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. • Windows Admin Centeris a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. • The high-severity vulnerability, tracked asCVE-2026-26119, carries a CVSS score of 8.8 out of a maximum of 10.0 “Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network,” Microsoftsaidin an advisory released on February 17, 2026. • “The attacker would gain the rights of the user that is running the affected application.” Microsoft credited Semperis researcher Andrea Pierini with discovering and reporting the vulnerability. • It’s worth mentioning that the security issue was patched by the tech giant inWindows Admin Center version 2511released in December 2025. • While the Windows maker makes no mention of this vulnerability being exploited in the wild, it has been tagged with an “Exploitation More Likely” assessment.
Article Summaries:
- Microsoft has released a patch for a high‑severity privilege‑escalation flaw (CVE‑2026‑26119) in its Windows Admin Center, a locally deployed, browser‑based management tool. The vulnerability, with a CVSS score of 8.8, allowed an authenticated attacker to gain the privileges of the user running the application, potentially enabling full domain compromise. The flaw was discovered by Semperis researcher Andrea Pierini and was fixed in version 2511 released in December 2025. While no wild exploitation has been reported, the advisory labels the risk as “Exploitation More Likely.” Technical details remain undisclosed.
Sources: