Week 9 – Privilege Escalation Flaw in Windows Admin Center
23 Feb – 01 Mar 2026
In this week’s CVE of the Week, we’ll be looking at a high security flaw of improper authentication in Microsoft Windows Admin Center that allows an authorized attacker to elevate privileges over a network.
Windows Admin Center is a locally deployed, browser-based management platform that enables administrators to centrally manage Windows clients, Windows Server environments, clusters, and Azure virtual machines without requiring cloud connectivity. Commonly installed on dedicated, high-trust management hosts that store privileged credentials and service tokens, it provides comprehensive control over server infrastructure, making it particularly well suited for administering private, non-internet-connected networks while maintaining a centralized operational interface.
CVE-2026-26119 is a high-severity privilege escalation flaw in Windows Admin Center with a score of 8.8 caused by improper authentication/authorization logic that fails to enforce correct privilege checks for sensitive management API operations, allowing an authenticated user with low-level credentials to have their requests processed under a higher-privileged context. An attacker who already has valid access (locally or over the network, depending on environment) can exploit this by manipulating or replaying API calls to trigger administrative actions and thus elevate their privileges on the management host and potentially across managed systems.
Although Microsoft has not reported active exploitation of this vulnerability, its “Exploitation More Likely” rating is a clear cause for concern. A successful privilege-escalation attack could allow threat actors to obtain unauthorized access to sensitive systems or data, with the potential for significant impact. The issue was addressed in Windows Admin Center version 2511 (Microsoft released in December 2025) after being identified by security researcher Andrea Pierini of Semperis, who noted that under certain conditions it could enable full domain compromise starting from a standard user account.
For More Information:
https://thehackernews.com/2026/02/microsoft-patches-cve-2026-26119.html
https://cvereports.com/reports/CVE-2026-26119
https://windowsforum.com/threads/cve-2026-26119-privilege-escalation-in-windows-admin-center-on-management-hosts.401576/
https://www.linkedin.com/posts/andrea-pierini_security-update-guide-microsoft-security-activity-7429838565871788033-B7IO/
White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect their deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024 and 2025.
With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.
They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.