Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local code execution by an already-authorized low-privileged user gives AV:L/PR:L/AC:L with no user interaction and full CIA impact, matching the vendor vector.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally.
AnalysisAI
Local privilege-to-code-execution in Microsoft Windows Admin Center lets an already-authenticated, lower-privileged user abuse an improper authorization check (CWE-285) to run arbitrary code on the host where the management tool is installed. Rated CVSS 7.8 with high confidentiality, integrity, and availability impact, it requires local access and existing low-level privileges rather than remote unauthenticated reach. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already be a local, authorized user (PR:L) on a system where Microsoft Windows Admin Center is installed and running, and to have local access to that host (AV:L) - this is a privilege-escalation/local-code-execution flaw, not a remote unauthenticated one. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 7.8 High) describes a locally exploitable, low-complexity flaw needing existing low privileges and no user interaction, yielding full CIA impact on the affected system without scope change. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged but legitimate user of a server that hosts Windows Admin Center (for example a delegated operator or a local account) invokes a management operation whose authorization check is improperly enforced, causing the tool to execute attacker-supplied code in a higher-privilege context. With no user interaction and low attack complexity, the attacker escalates to full control of the host. … |
| Remediation | Patch available per vendor advisory: apply the Microsoft-supplied update for Windows Admin Center referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-58631, consulting that page for the exact fixed build (specific patched version not enumerated in the provided data, so do not assume a version number). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all systems running Microsoft Windows Admin Center and assess exposure by identifying which lower-privileged accounts have access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Windows Admin Center
View allRemote code execution in Microsoft Windows Admin Center allows an authenticated attacker to run arbitrary code over the
Authenticated remote code execution in Microsoft Windows Admin Center (CWE-77) lets an attacker with low-privilege acces
An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain s
Privilege elevation in Microsoft Windows Admin Center allows an already-authenticated (low-privileged) network attacker
Local privilege escalation in Microsoft Windows Admin Center allows an already-authenticated, low-privileged attacker to
Windows Admin Center's authentication mechanism can be bypassed by authenticated network users to gain elevated privileg
Windows Admin Center in Azure Portal contains an access control flaw that enables local authenticated users to escalate
Improper authentication in Windows Admin Center allows an authorized attacker to disclose information over a network.
Windows Admin Center fails to properly validate cryptographic signatures, enabling high-privileged users to bypass secur
Windows Admin Center Spoofing Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitabl
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose i
Cross-site scripting in Microsoft Windows Admin Center enables network-based spoofing attacks against users who interact
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43775
GHSA-865x-g7fg-mwh4