A high-severity Windows Admin Center vulnerability (CVE-2026-26119) could allow privilege escalation in enterprise ...

Microsoft fixes CVE-2026-26119, an 8.8 CVSS privilege escalation bug in Windows Admin Center that could allow network-based user rights takeover.

Thousands of IT admins were locked out as a Microsoft 365 admin center outage disrupted access for North American businesses.

In Windows Admin Center, attackers can escalate their privileges. Microsoft classifies this as critical and advises admins to update.