Windows Admin Center
by Microsoft
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41086 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-42834 | Hig | 0.51 | 7.8 | — | May 20, 2026 | Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32196 | Med | 0.40 | 6.1 | 0.00 | Apr 14, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2026-26119 | 0.00 | — | 0.00 | Feb 17, 2026 | Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2021-27066 | 0.00 | — | 0.04 | Mar 11, 2021 | Windows Admin Center Security Feature Bypass Vulnerability |
- risk 0.57cvss 8.8epss 0.00
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
- risk 0.51cvss 7.8epss —
Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
- risk 0.40cvss 6.1epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-26119Feb 17, 2026risk 0.00cvss —epss 0.00
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
- CVE-2021-27066Mar 11, 2021risk 0.00cvss —epss 0.04
Windows Admin Center Security Feature Bypass Vulnerability