Cross-Site Scripting Vulnerability in Windows Admin Center by Microsoft
CVE-2026-32196

6.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Windows Admin Center
Vendor: CVE Published:; 14 April 2026

What is CVE-2026-32196?

A cross-site scripting vulnerability exists in Windows Admin Center due to improper neutralization of user input during web page generation. This flaw can allow an unauthorized attacker to exploit the application and perform spoofing attacks, compromising the integrity of the web application and potentially leading to unauthorized access or data manipulation across the network.

Affected Version(s)

Windows Admin Center 1809.0 < 2.6.5.16

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2026
Vulnerability Reserved
Mar 11, 2026

CVE-2026-32196 Data

JSON