
Critical Privilege Escalation in Windows Admin Center (CVE-2026-26119)

Updated February 20, 2026 at 07:01 PM (8 sources)

Microsoft disclosed and patched a critical elevation-of-privilege vulnerability in Windows Admin Center (WAC) tracked as CVE-2026-26119. The issue is caused by improper authentication (CWE-287) and is rated CVSS 8.8 with a network attack vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). An attacker with low/limited existing privileges could exploit the flaw over the network to gain elevated privileges equivalent to the user context running WAC, which is particularly high impact given WAC’s role in centralized administration of Windows servers.

Microsoft’s advisory indicates the vulnerability was newly published in its Security Update Guide and is addressed via an official Windows Admin Center security update; organizations are advised to apply the update promptly. Public reporting also notes Microsoft has not observed active exploitation at the time of disclosure, but assesses exploitation as more likely due to low attack complexity and typical enterprise exposure of WAC deployments; no public PoC was noted. Microsoft credited Andrea Pierini (Semperis) for responsible disclosure.


Related Stories

Windows Kernel Elevation of Privilege Vulnerability (CVE-2026-26132)


Microsoft published details for **CVE-2026-26132**, an **Important** severity **Windows Kernel** *elevation of privilege* vulnerability caused by **CWE-416 (use-after-free)**. The issue is scored **CVSS 3.1: 7.8** with vector `AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`, indicating exploitation requires **local access** and **low complexity**, with **low privileges required** and **no user interaction**, and could result in high impact to confidentiality, integrity, and availability. Microsoft’s Security Update Guide entry provides standard machine-consumable references (e.g., *PowerShell*, *API*, and *CSAF* links) for tracking and patch management. No additional exploitation details, in-the-wild exploitation confirmation, or public proof-of-concept information is included in the provided material beyond the vulnerability classification and scoring.

6 days ago
Microsoft Windows Kernel Elevation of Privilege Vulnerability (CVE-2026-24289)


Microsoft published guidance for **CVE-2026-24289**, an **Important** severity **Windows Kernel elevation of privilege** vulnerability caused by **CWE-416 (use-after-free)**. Microsoft scored the issue with **CVSS 3.1: 7.8** (vector `AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`), indicating exploitation requires **local** access with **low** attack complexity and **low privileges**, and could result in high impact to confidentiality, integrity, and availability if successfully exploited. The Security Update Guide entry provides standard Microsoft consumption options (e.g., *PowerShell*, API, CSAF) for tracking and integrating the advisory into vulnerability management workflows. The two provided references are effectively duplicate MSRC pages for the same CVE (one localized under `/en-US/`) and do not add distinct technical details beyond the vulnerability classification and scoring.

1 week ago

Local Privilege Escalation Vulnerabilities in Windows Management Tools

A critical vulnerability in the JumpCloud Remote Assist for Windows agent (CVE-2025-34352) allows a standard user on a company-managed device to gain full, persistent SYSTEM-level control. The flaw, discovered by XM Cyber, arises from the agent's uninstallation process, which performs privileged file operations in a user-controlled temporary folder. This enables local users to exploit the uninstall routine to overwrite or delete sensitive system files, resulting in either local privilege escalation or denial of service. Over 180,000 organizations using JumpCloud are potentially at risk until the issue is remediated. Separately, Microsoft’s Windows Admin Center (WAC) is affected by a local privilege escalation vulnerability (CVE-2025-64669) due to insecure directory permissions on `C:\ProgramData\WindowsAdminCenter`. Standard users can write to this directory, which is also accessed by services running with elevated privileges, allowing attackers to exploit extension uninstall mechanisms or DLL hijacking to obtain SYSTEM-level access. Both vulnerabilities highlight the risks posed by improper privilege separation and insecure file system permissions in widely deployed Windows management tools.
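The directory-permission weakness described above for `C:\ProgramData\WindowsAdminCenter` can be audited on a WAC host by listing ACEs that grant write-class rights to groups containing standard users. This is an added example, not code from Microsoft or from the reporting summarized here; the SID list and the rights mask are assumptions about what counts as broad write access.

```powershell
# Added example: report ACEs that let broad, low-privilege groups write under a directory.
param([string]$Path = 'C:\ProgramData\WindowsAdminCenter')  # path named in the summary above

# Assumption: these well-known SIDs are the "standard user" principals worth flagging.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Assumption: rights that allow creating, replacing, deleting or re-permissioning content.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear raw on inherit-only ACEs.
$Mask = [int]$WriteRights -bor 0x50000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$LiteralPath)
    foreach ($ace in (Get-Acl -LiteralPath $LiteralPath).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }  # orphaned or unresolvable account, not one of the broad groups
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $Mask) -ne 0) {
            [pscustomobject]@{
                Path      = $LiteralPath
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                AppliesTo = $ace.InheritanceFlags
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
    Write-Warning "$Path not found on this host"
    return
}
# Check the root, then every subdirectory: write access on any child is the same exposure.
$dirs = @($Path) + @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object FullName)
$dirs | ForEach-Object { Get-BroadWriteAce -LiteralPath $_ } | Format-Table -AutoSize -Wrap
```

Rows with `Inherited = True` point at a permissive parent ACL rather than one set on the directory itself, so the parent is where any change belongs.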

3 months ago
