Relative Path Traversal in Windows Admin Center Affects Microsoft Product
CVE-2026-56196
What is CVE-2026-56196?
CVE-2026-56196 is a vulnerability identified in the Windows Admin Center, a management tool developed by Microsoft for managing Windows Server and other related infrastructures. The nature of this vulnerability is a relative path traversal issue, which allows an authorized attacker to manipulate file paths in such a way that they can execute unauthorized code over a network. This poses a significant risk to organizations utilizing Windows Admin Center, as it can compromise the integrity and confidentiality of sensitive data and systems. Attackers leveraging this vulnerability could potentially escalate their access and control over the administrative functionalities of the Windows environment, leading to severe operational disruptions.
Potential impact of CVE-2026-56196
-
Unauthorized Code Execution: The vulnerability permits attackers to execute arbitrary code, which can lead to unauthorized actions being performed on affected systems. This could include the installation of malware, data exfiltration, or other malicious activities that disrupt business operations.
-
Risk of Data Breaches: By enabling unauthorized access to file paths and system resources, this vulnerability increases the likelihood of data breaches. Sensitive information contained within the organization could be accessed, altered, or stolen, resulting in significant legal and financial ramifications.
-
Operational Disruption: Organizations reliant on the Windows Admin Center for critical server management processes may face significant operational interruptions. Successful exploitation of this vulnerability can lead to downtime, loss of productivity, and a diversion of resources to incident response and recovery efforts.
Affected Version(s)
Windows Admin Center 1809.0 < 2.7.4