Full Report
Microsoft has disclosed a now-patched security flaw in Windows Admin Center that could allow an attacker to escalate their privileges. Windows Admin Center is a locally deployed, browser-based management tool set that lets users manage their Windows Clients, Servers, and Clusters without the need for connecting to the cloud. The high-severity vulnerability, tracked as CVE-2026-26119, carries a
Analysis Summary
# Vulnerability: Privilege Escalation in Windows Admin Center
## CVE Details
- **CVE ID:** CVE-2026-26119
- **CVSS Score:** 8.8 (High)
- **CWE:** Improper Authentication
## Affected Systems
- **Products:** Windows Admin Center (locally deployed, browser-based management tool)
- **Versions:** Versions prior to 2511
- **Configurations:** Systems where Windows Admin Center is used to manage Windows Clients, Servers, and Clusters.
## Vulnerability Description
CVE-2026-26119 is an improper authentication flaw. It allows an authorized attacker to elevate their privileges over a network. Technically, the flaw enables an attacker to gain the specific rights of the user currently running the affected application. According to security researchers, this can potentially lead to a full domain compromise starting from a standard user account under certain conditions.
## Exploitation
- **Status:** Not exploited in the wild (as of February 19, 2026); however, Microsoft assesses "Exploitation More Likely."
- **Complexity:** Not explicitly specified, but involves authorized network access.
- **Attack Vector:** Network
## Impact
- **Confidentiality:** High (Potential for full domain compromise)
- **Integrity:** High (Attacker gains the rights of the application user)
- **Availability:** High (Control over management tools for servers and clusters)
## Remediation
### Patches
- **Windows Admin Center version 2511:** Microsoft released this version in December 2025 to address the flaw. Users should update to version 2511 or later.
### Workarounds
- No specific manual workarounds were provided in the disclosure; immediate patching is the primary recommendation.
## Detection
- **Indicators of compromise:** Monitor for unusual privilege escalation events originating from the Windows Admin Center service.
- **Detection methods and tools:** Audit logs for Windows Admin Center to identify unexpected administrative actions or credential usage from standard user accounts.
## References
- **Vendor Advisory:** [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119)
- **Product Update:** [https://techcommunity.microsoft.com/blog/windows-admin-center-blog/windows-admin-center-version-2511-is-now-generally-available/4477048](https://techcommunity.microsoft.com/blog/windows-admin-center-blog/windows-admin-center-version-2511-is-now-generally-available/4477048)
- **Article Source:** [https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html](https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html)