Description
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Published: 2026-05-12
Score: 8.3 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing authorization in Windows Admin Center permits an attacker with existing access to gain higher privileges. The flaw allows the transition from a regular user role to an administrative level, compromising the confidentiality, integrity, and availability of the managed environment. The weakness falls under CWE-862 and can enable unilateral changes to configuration, service startup, or user accounts.

Affected Systems

Affected vendors: Microsoft; product: Windows Admin Center. No specific version ranges are listed in the CNA data, so all installations may be vulnerable until an update is applied.

Risk and Exploitability

The CVSS score of 8.3 marks it as high severity. EPSS is unavailable, and it is not yet listed in CISA's KEV catalog. The likely attack vector is remote, via the network interface used by Windows Admin Center, and requires an attacker to have authenticated access. Once authenticated, exploitation can occur without additional user interaction, raising the risk to significant systems.

Generated by OpenCVE AI on May 12, 2026 at 19:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch for CVE-2026-35438 when released.
  • Reduce privileges for accounts that have access to Windows Admin Center and enforce least‑privilege principles.
  • Enable and routinely review audit logging for privilege changes and anomalous access patterns within Windows Admin Center.



Advisories

No advisories yet.

History

Tue, 12 May 2026 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. |
| Title | | Windows Admin Center Elevation of Privilege Vulnerability |
| First Time appeared | | Microsoft; Microsoft windows Admin Center |
| Weaknesses | | CWE-862 |
| CPEs | | cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:* |
| Vendors & Products | | Microsoft; Microsoft windows Admin Center |
| References | | |
| Metrics | | cvssV3_1 {'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C'} |


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-05-13T03:57:16.694Z

Reserved: 2026-04-02T19:21:11.805Z

Link: CVE-2026-35438

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-12T18:17:14.030

Modified: 2026-05-12T18:17:14.030

Link: CVE-2026-35438

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T20:00:12Z

Weaknesses