Microsoft Windows Admin Center — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Windows Admin Center, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2019-0813 — CVSS 9.8 (critical): An elevation of privilege vulnerability exists when Windows Admin Center improperly impersonates operations in certain situations, aka…
CVE-2026-26119 — CVSS 8.8 (high): Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-41086 — CVSS 8.8 (high): Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35438 — CVSS 8.3 (high): Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-42834 — CVSS 7.8 (high): Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2025-64669 — CVSS 7.8 (high): Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-23660 — CVSS 7.8 (high): Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-20965 — CVSS 7.5 (high): Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2025-29819 — CVSS 6.2 (medium): External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
CVE-2026-32196 — CVSS 6.1 (medium): Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized…