Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
AnalysisAI
Microsoft Management Console privilege escalation affects all supported Windows versions (10, 11, Server 2012-2025) via improper access control, allowing authenticated local users to gain SYSTEM-level privileges. CVSS 7.8 (High) reflects significant impact with low attack complexity requiring only low-level user credentials. Vendor-released patches available across all affected platforms through Microsoft's May 2025 update cycle. No public exploit identified at time of analysis, though the authe
Technical ContextAI
Microsoft Management Console (MMC) is a core Windows administrative framework hosting snap-ins for system management tasks. The vulnerability stems from CWE-284 (Improper Access Control), where MMC fails to properly validate authorization boundaries when processing requests from authenticated low-privilege users. The flaw allows authenticated users to bypass privilege checks and execute administrative operations with elevated SYSTEM privileges. The widespread CPE coverage spanning Windows 10 version 1607 (2016 release) through Windows 11 26H1 and Windows Server 2012 through 2025 indicates the access control weakness exists in foundational MMC code shared across the entire modern Windows product line. The local attack vector (AV:L) and no user interaction requirement (UI:N) suggest exploitation through direct API calls or file operations rather than social engineering.
RemediationAI
Apply Microsoft's May 2025 security updates immediately via Windows Update or WSUS to patch affected systems to the fixed build versions specified in EUVD-2026-22458. For Windows 10 systems, update to builds 10.0.14393.9060 (v1607), 10.0.17763.8644 (v1809), 10.0.19044.7184 (21H2), or 10.0.19045.7184 (22H2). For Windows 11, update to builds 10.0.22631.6936 (22H3/23H2), 10.0.26100.32690 (24H2), 10.0.26200.8246 (25H2), or 10.0.28000.1836 (26H1). Windows Server environments require updates to 6.2.9200.26026 (2012), 6.3.9600.23132 (2012 R2), 10.0.14393.9060 (2016), 10.0.17763.8644 (2019), 10.0.20348.5020 (2022), 10.0.25398.2274 (2022 23H2), or 10.0.26100.32690 (2025). No workarounds identified; patching is the only effective mitigation. Prioritize internet-facing systems and environments with privileged access management gaps. Full update guidance at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27914.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22458
GHSA-72h2-6w4v-2j9w