Description
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Published: 2026-05-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper access control in Windows Admin Center allows an authorized attacker to gain higher privileges over the network. The vulnerability is a classic privilege escalation flaw that could enable an attacker with network access to elevate their rights and potentially execute arbitrary actions on the target system.

Affected Systems

Microsoft Windows Admin Center deployed within the Azure Portal is affected. No specific version information is provided, so all deployments using this component should be reviewed.

Risk and Exploitability

The vulnerability scores a CVSS of 8.8, indicating high severity. EPSS data is unavailable, and it is not listed in the CISA KEV catalog. Inferred from the description, the attack requires an authorized attacker with network access to the Windows Admin Center instance; no local privilege or user interaction is explicitly required. The high CVSS score suggests significant potential impact if mitigated improperly.

Generated by OpenCVE AI on May 12, 2026 at 19:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Windows Admin Center to the latest version provided by Microsoft.
  • Restrict network access to the Windows Admin Center to trusted IP ranges or isolated virtual networks.
  • Enforce least privilege for accounts that can access the Windows Admin Center.

Generated by OpenCVE AI on May 12, 2026 at 19:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows Admin Center
CPEs cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:azure:*:*
Vendors & Products Microsoft windows Admin Center

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
Title Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft azure Portal Windows Admin Center
Weaknesses CWE-284
CPEs cpe:2.3:a:microsoft:azure_portal_windows_admin_center:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft azure Portal Windows Admin Center
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft Azure Portal Windows Admin Center Windows Admin Center
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-05T16:39:33.280Z

Reserved: 2026-04-16T19:12:36.194Z

Link: CVE-2026-41086

cve-icon Vulnrichment

Updated: 2026-05-12T19:33:33.405Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T18:17:20.450

Modified: 2026-05-15T18:38:41.047

Link: CVE-2026-41086

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T21:30:24Z

Weaknesses