Improper Access Control in Windows Admin Center by Microsoft
CVE-2026-41086

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows Admin Center In Azure Portal
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-41086?

The Windows Admin Center has a vulnerability that enables an authorized attacker to exploit improper access control, allowing them to elevate their privileges over a network. This could lead to unauthorized access and control over sensitive operations within the affected system. It is imperative for users to apply the latest security updates to mitigate this risk.

Affected Version(s)

Windows Admin Center in Azure Portal 1.0 < 2.6.7

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 16, 2026

CVE-2026-41086 Data

JSON