Microsoft has disclosed a now-patched security flaw in Home windows Admin Middle that might permit an attacker to escalate their privileges.
Home windows Admin Middle is a regionally deployed, browser-based administration software set that lets customers handle their Home windows Purchasers, Servers, and Clusters with out the necessity for connecting to the cloud.
The high-severity vulnerability, tracked as CVE-2026-26119, carries a CVSS rating of 8.8 out of a most of 10.0
“Improper authentication in Home windows Admin Middle permits a licensed attacker to raise privileges over a community,” Microsoft stated in an advisory launched on February 17, 2026. “The attacker would acquire the rights of the consumer that’s operating the affected utility.”
Microsoft credited Semperis researcher Andrea Pierini with discovering and reporting the vulnerability. It is price mentioning that the security challenge was patched by the tech large in Home windows Admin Middle model 2511 launched in December 2025.
Whereas the Home windows maker makes no point out of this vulnerability being exploited within the wild, it has been tagged with an “Exploitation Extra Doubtless” evaluation.
Technical particulars associated to CVE-2026-26119 are presently below wraps, however that might change quickly. In a put up shared on LinkedIn, Pierini stated the vulnerability might “permit a full area compromise ranging from a regular consumer” below sure situations.
