Windows Admin Center
by Microsoft
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-0813 | Cri | 0.64 | 9.8 | 0.04 | Apr 9, 2019 | An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'. | ||
| CVE-2026-41086 | Hig | 0.57 | 8.8 | 0.00 | May 12, 2026 | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2023-29347 | Hig | 0.57 | 8.7 | 0.02 | Jul 11, 2023 | Windows Admin Center Spoofing Vulnerability | ||
| CVE-2026-35438 | Hig | 0.54 | 8.3 | 0.01 | May 12, 2026 | Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2026-42834 | Hig | 0.51 | 7.8 | 0.00 | May 20, 2026 | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2024-43475 | Hig | 0.48 | 7.3 | 0.02 | Sep 10, 2024 | Microsoft Windows Admin Center Information Disclosure Vulnerability | ||
| CVE-2026-32196 | Med | 0.40 | 6.1 | 0.00 | Apr 14, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-29819 | Med | 0.40 | 6.2 | 0.01 | Apr 8, 2025 | External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. | ||
| CVE-2021-27066 | Med | 0.28 | 4.3 | 0.03 | Mar 11, 2021 | Windows Admin Center Security Feature Bypass Vulnerability | ||
| CVE-2026-23660 | 0.00 | — | 0.00 | Mar 10, 2026 | Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-26119 | 0.00 | — | 0.01 | Feb 17, 2026 | Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2026-20965 | 0.00 | — | 0.00 | Jan 13, 2026 | Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-64669 | 0.00 | — | 0.00 | Dec 11, 2025 | Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally. |
- risk 0.64cvss 9.8epss 0.04
An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka 'Windows Admin Center Elevation of Privilege Vulnerability'.
- risk 0.57cvss 8.8epss 0.00
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
- risk 0.57cvss 8.7epss 0.02
Windows Admin Center Spoofing Vulnerability
- risk 0.54cvss 8.3epss 0.01
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
- risk 0.51cvss 7.8epss 0.00
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
- risk 0.48cvss 7.3epss 0.02
Microsoft Windows Admin Center Information Disclosure Vulnerability
- risk 0.40cvss 6.1epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
- risk 0.40cvss 6.2epss 0.01
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
- risk 0.28cvss 4.3epss 0.03
Windows Admin Center Security Feature Bypass Vulnerability
- CVE-2026-23660Mar 10, 2026risk 0.00cvss —epss 0.00
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
- CVE-2026-26119Feb 17, 2026risk 0.00cvss —epss 0.01
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
- CVE-2026-20965Jan 13, 2026risk 0.00cvss —epss 0.00
Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
- CVE-2025-64669Dec 11, 2025risk 0.00cvss —epss 0.00
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.