Search criteria

5 vulnerabilities found for Windows Admin Center in Azure Portal by Microsoft

CVE-2026-42834 (GCVE-0-2026-42834)

Vulnerability from cvelistv5 – Published: 2026-05-20 13:09 – Updated: 2026-06-19 16:13
VLAI?
Title
Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Summary
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CWE
  • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows Admin Center in Azure Portal Affected: 1.0 , < 0.72.0.0. (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-42834",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T03:55:26.799Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows Admin Center in Azure Portal",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "0.72.0.0.",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_portal_windows_admin_center:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.72.0.0.",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-05-19T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T16:13:10.775Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42834"
        }
      ],
      "title": "Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-42834",
    "datePublished": "2026-05-20T13:09:44.888Z",
    "dateReserved": "2026-04-30T14:51:12.703Z",
    "dateUpdated": "2026-06-19T16:13:10.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-41086 (GCVE-0-2026-41086)

Vulnerability from cvelistv5 – Published: 2026-05-12 16:59 – Updated: 2026-06-19 16:13
VLAI?
Title
Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Summary
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CWE
  • CWE-284 - Improper Access Control
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows Admin Center in Azure Portal Affected: 1.0 , < 0.76.0.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-41086",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-13T03:57:14.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows Admin Center in Azure Portal",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "0.76.0.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_portal_windows_admin_center:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.76.0.0",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-05-12T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T16:13:00.668Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41086"
        }
      ],
      "title": "Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-41086",
    "datePublished": "2026-05-12T16:59:30.087Z",
    "dateReserved": "2026-04-16T19:12:36.194Z",
    "dateUpdated": "2026-06-19T16:13:00.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-23660 (GCVE-0-2026-23660)

Vulnerability from cvelistv5 – Published: 2026-03-10 17:04 – Updated: 2026-06-19 18:17
VLAI?
Title
Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Summary
Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
CWE
  • CWE-284 - Improper Access Control
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows Admin Center in Azure Portal Affected: 1.0 , < 2.6.4 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-23660",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T03:56:23.421373Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T13:08:18.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows Admin Center in Azure Portal",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.6.4",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_portal_windows_admin_center:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.6.4",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-03-10T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-19T18:17:20.300Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23660"
        }
      ],
      "title": "Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-23660",
    "datePublished": "2026-03-10T17:04:33.270Z",
    "dateReserved": "2026-01-14T16:59:33.463Z",
    "dateUpdated": "2026-06-19T18:17:20.300Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20965 (GCVE-0-2026-20965)

Vulnerability from cvelistv5 – Published: 2026-01-13 17:56 – Updated: 2026-04-01 13:48
VLAI?
Title
Windows Admin Center Elevation of Privilege Vulnerability
Summary
Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CWE
  • CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows Admin Center in Azure Portal Affected: 1.0 , < 0.70.0.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20965",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-14T04:56:59.742779Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:41.040Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows Admin Center in Azure Portal",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "0.70.0.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_portal_windows_admin_center:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.70.0.0",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-01-13T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T13:48:15.844Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Admin Center Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20965"
        }
      ],
      "title": "Windows Admin Center Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-20965",
    "datePublished": "2026-01-13T17:56:06.968Z",
    "dateReserved": "2025-12-04T20:04:16.341Z",
    "dateUpdated": "2026-04-01T13:48:15.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-29819 (GCVE-0-2025-29819)

Vulnerability from cvelistv5 – Published: 2025-04-08 17:24 – Updated: 2026-02-13 19:33
VLAI?
Title
Windows Admin Center in Azure Portal Information Disclosure Vulnerability
Summary
External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.
CWE
  • CWE-73 - External Control of File Name or Path
Assigner
References
Impacted products
Vendor Product Version
Microsoft Windows Admin Center Affected: 1809.0 , < 2.4.2.1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-29819",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T19:17:19.777646Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T19:17:28.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows Admin Center",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "2.4.2.1",
              "status": "affected",
              "version": "1809.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Windows Admin Center in Azure Portal",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "0.45.0.0",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:azure_portal_windows_admin_center:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "0.45.0.0",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.4.2.1",
                  "versionStartIncluding": "1809.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2025-04-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-73",
              "description": "CWE-73: External Control of File Name or Path",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-13T19:33:35.528Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows Admin Center in Azure Portal Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29819"
        }
      ],
      "title": "Windows Admin Center in Azure Portal Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2025-29819",
    "datePublished": "2025-04-08T17:24:19.909Z",
    "dateReserved": "2025-03-11T22:56:43.943Z",
    "dateUpdated": "2026-02-13T19:33:35.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}