MICROSOFT has disclosed a now-patched high-severity flaw in Windows Admin Center, tracked as CVE-2026-26119, which Microsoft said could allow an authorised attacker to escalate privileges over a network. The vulnerability, with a CVSS of 8.8, stems from improper authentication and could let an attacker gain the rights of the user running the affected app. The issue was patched in Windows Admin Center version 2511, released in December 2025, and the advisory was published on 17 February 2026, according to Microsoft.
Semperis researcher Andrea Pierini is credited by The Hacker News for discovering and reporting the vulnerability, and Pierini noted on LinkedIn that the flaw could “allow a full domain compromise starting from a standard user” under certain conditions. While there is no indication of exploitation in the wild, the advisory labels the threat as exploitation more likely.