Remote Privilege Escalation in Windows Admin Center (CVE‑2026‑26119)

Semperis research demonstrates how a vulnerability in Windows Admin Center (CVE‑2026‑26119) can allow remote privilege escalation and, under certain conditions, full domain compromise. The issue lies in an authentication flaw that allows an attacker to reflect an NTLM token back to the Windows Admin Center server. Specifically, a weakness in how HTTP requests are handled by a .NET application running on Kestrel allows an unprivileged domain user to exploit reflected authentication to gain elevated access to the Windows Admin Center server.

The vulnerability affects Windows Admin Center versions prior to Microsoft's July 2025 patch.

📎 Article: https://www.semperis.com/blog/what-you-need-to-know-windows-admin-center-remote-privilege-escalation-cve-2026-26119/

💬 Discuss