Elevation of Privilege Vulnerability in Azure Portal Windows Admin Center
CVE-2026-42834

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows Admin Center In Azure Portal
Vendor: CVE Published:; 20 May 2026

What is CVE-2026-42834?

An improper link resolution issue in Azure Portal's Windows Admin Center allows authorized users to exploit the system by improperly following links before file access. This could potentially enable attackers to gain elevated privileges on the local environment, posing a significant risk to system security. To mitigate these risks, it is crucial to apply the recommended patches and updates provided by Microsoft.

Affected Version(s)

Windows Admin Center in Azure Portal 1.0 < 0.72.0.0.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisorypatch

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2026
Vulnerability Reserved
Apr 30, 2026

CVE-2026-42834 Data

JSON