Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Network-reachable gateway (AV:N) with low complexity (AC:L); an existing authorized low-privileged session is required (PR:L), yielding high confidentiality and integrity impact but no availability effect.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
AnalysisAI
Privilege elevation in Microsoft Windows Admin Center allows an already-authenticated (low-privileged) network attacker to bypass improper authentication controls and gain higher privileges, exposing high-value confidentiality and integrity impact. Rated CVSS 8.1 with low attack complexity and no user interaction, the flaw is remotely reachable but requires an existing authorized session. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already possess a valid low-privileged authorized session or credential on the Windows Admin Center gateway (CVSS PR:L), and network reachability to the WAC management endpoint (AV:N); no user interaction is needed (UI:N) and attack complexity is low (AC:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) describes a network-reachable, low-complexity, no-interaction flaw that nonetheless requires pre-existing low-level privileges (PR:L), so it is a privilege-escalation from an authenticated foothold rather than fully unauthenticated compromise - a meaningful limiter on real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already holds a low-privileged but authorized account on the Windows Admin Center gateway (for example a limited operator, or an account obtained via phishing) sends crafted requests that exploit the improper authentication check to assert administrative authority. With no user interaction and low complexity, they then perform high-impact read/write management operations against connected servers. … |
| Remediation | Apply the Microsoft-provided fix documented at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-56169 (Patch available per vendor advisory); consult that MSRC entry for the exact patched Windows Admin Center build number, which was not included in the supplied intelligence and should not be assumed. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all systems running Windows Admin Center and access the Microsoft MSRC advisory for CVE-2026-56169 to confirm patch version and deployment procedures specific to your environment. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Windows Admin Center
View allRemote code execution in Microsoft Windows Admin Center allows an authenticated attacker to run arbitrary code over the
Authenticated remote code execution in Microsoft Windows Admin Center (CWE-77) lets an attacker with low-privilege acces
An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain s
Local privilege-to-code-execution in Microsoft Windows Admin Center lets an already-authenticated, lower-privileged user
Local privilege escalation in Microsoft Windows Admin Center allows an already-authenticated, low-privileged attacker to
Windows Admin Center's authentication mechanism can be bypassed by authenticated network users to gain elevated privileg
Windows Admin Center in Azure Portal contains an access control flaw that enables local authenticated users to escalate
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.
Windows Admin Center fails to properly validate cryptographic signatures, enabling high-privileged users to bypass secur
Windows Admin Center Spoofing Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitabl
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose i
Cross-site scripting in Microsoft Windows Admin Center enables network-based spoofing attacks against users who interact
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44044
GHSA-4f65-rfw9-ph2g