Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable escalation from an existing low-privileged authorized account (PR:L), no user interaction, low complexity, with full compromise of the ConfigMgr system.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over a network.
AnalysisAI
Privilege escalation in Microsoft Configuration Manager (versions 2509 and 2603) lets an already-authorized, low-privileged network user gain elevated privileges due to improper access control. Rated CVSS 8.8, the flaw yields full confidentiality, integrity, and availability impact and is remotely reachable, though it requires existing valid low-level access. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already hold low-level authorized access to Microsoft Configuration Manager (CVSS PR:L), reachable over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) describes a network-reachable, low-complexity attack needing only low existing privileges and no user interaction, with total impact on the compromised system - a genuinely high-priority profile for any environment running ConfigMgr, since the product's central role amplifies the blast radius. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained low-privileged but authorized access to a ConfigMgr environment (e.g., a limited operator account or a foothold on a managed client) sends crafted requests over the network to the Configuration Manager service, abusing the improper access-control check to perform actions beyond their assigned role. Because scope is unchanged but confidentiality, integrity, and availability impact are all High, the attacker escalates to elevated control of the ConfigMgr system, potentially pivoting to broader domain compromise. … |
| Remediation | Patch available per vendor advisory - apply the Microsoft-provided update for Configuration Manager referenced at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47301, prioritizing site servers and the 2509 and 2603 branches. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all systems running Configuration Manager versions 2509 and 2603 and assess network exposure to low-privileged users. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44352
GHSA-c9fw-992q-vr57