Skip to main content

Windows Admin Center CVE-2026-42834

| EUVDEUVD-2026-31104 HIGH
Improper Link Resolution Before File Access (CWE-59)
2026-05-20 microsoft GHSA-33pm-33cg-5576
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 20, 2026 - 13:30 vuln.today

DescriptionCVE.org

Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Microsoft's Windows Admin Center (Azure Portal edition) allows an authenticated low-privileged attacker to gain higher privileges by abusing symbolic link resolution before file access. The flaw, reported by Microsoft itself, carries a CVSS 7.8 with no public exploit identified at time of analysis, and a vendor patch is available via the Microsoft Security Response Center advisory.

Technical ContextAI

Windows Admin Center (WAC) in Azure Portal is Microsoft's browser-based server management console that integrates on-premises Windows Server administration into the Azure cloud experience. The root cause is CWE-59 (Improper Link Resolution Before File Access, a.k.a. 'link following'), in which the application accesses a file path without first verifying whether intermediate components are symbolic links, junctions, or hard links. On Windows, this class of bug typically lets a low-privileged user plant a reparse point so that a privileged service writes, reads, or deletes a target file outside its intended directory, enabling tampering with privileged binaries or configuration. The affected CPE is cpe:2.3:a:microsoft:windows_admin_center_in_azure_portal, confirming this is the Azure-hosted WAC component rather than the standalone gateway installation.

RemediationAI

Apply the vendor patch available per the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42834; the exact fixed build number is not included in the provided input and should be retrieved directly from MSRC before deployment. As a compensating control until patching completes, restrict interactive and remote logon to the Windows Admin Center host to trusted administrators only (using Restricted Groups, Just Enough Administration, or AppLocker) since exploitation requires local authenticated access, and audit the WAC installation directory and working folders for unexpected symlinks, junctions, or reparse points using fsutil reparsepoint query. Reducing the number of accounts with the SeCreateSymbolicLinkPrivilege on the affected host materially shrinks the attack surface but may interfere with developer or container workloads that legitimately create links.

Share

CVE-2026-42834 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy