Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
5DescriptionCVE.org
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
AnalysisAI
Stored cross-site scripting (XSS) in Windows Admin Center before version 2.6.5.16 allows unauthenticated remote attackers to inject malicious scripts that execute in the browsers of other users, enabling account spoofing and data theft. The vulnerability requires user interaction (clicking a malicious link) but has network-wide scope, affecting all users of the Admin Center instance. Microsoft has released a patched version; exploitation is currently limited to scenarios where attackers can socially engineer clicks on crafted URLs.
Technical ContextAI
Windows Admin Center is a browser-based management platform for Windows Server infrastructure. The vulnerability stems from improper input sanitization during HTML generation (CWE-79), allowing attackers to bypass XSS protections by injecting JavaScript payloads through unvalidated parameters. The affected versions (Windows Admin Center 1809.0 through 2.6.5.15) fail to properly encode user-controlled input before rendering it in web responses. This is a classic reflected or stored XSS flaw where attacker-supplied data reaches the DOM without adequate HTML entity encoding or Content Security Policy enforcement. The network-accessible nature of Admin Center (typically exposed for remote server management) and its privileged user base make this a valuable XSS target.
RemediationAI
Upgrade Windows Admin Center to version 2.6.5.16 or later, which includes the XSS input sanitization fix. This is the primary remediation and is the only vendor-supported path forward. For environments unable to patch immediately, implement network-level controls: restrict Admin Center access to trusted networks using firewall rules or VPN, enforce multi-factor authentication to reduce account compromise impact from successful XSS exploitation, and educate users to avoid clicking suspicious links pointing to the Admin Center URL. Microsoft's security advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32196 provides patch availability confirmation and additional mitigation context. Verify the patch installation and restart the Admin Center service to ensure the fix is active.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22577
GHSA-fjm5-xhfc-2828