Microsoft Windows Admin Center patch for CVE-2026-26119
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft shipped Windows Admin Center version 2511 to patch CVE-2026-26119, closing an improper authentication flaw that could let an authorized attacker elevate privileges over a network. The fix matters because the issue carried a CVSS 8.8/10.0 rating and affected a locally deployed management tool used to administer Windows Clients, Servers, and Clusters. Microsoft said the vulnerability had not been seen exploited in the wild, but it was still tagged "Exploitation More Likely". The patch was credited to version 2511 released in December 2025, with a public advisory following on February 17, 2026.
Related Happenings
Microsoft security patch release for CVE-2026-45659
Security Patch Release
First: 26.05.2026 14:49
Last: 26.05.2026 14:49
Sources 1
About this happening:
Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Microsoft security patch release for CVE-2026-45659
Security Patch ReleaseAbout this happening: Microsoft released **SharePoint** updates for **CVE-2026-45659**, a **remote code execution** flaw that could let an authenticated attacker run code over the network without eleva...
Azure Backup for AKS Trusted Access permission tightening
Security Patch Release
First: 16.05.2026 23:55
Last: 16.05.2026 23:55
Sources 1
About this happening:
**Microsoft** appears to have silently tightened **Azure Backup for AKS**, closing a **Trusted Access** authorization path that could let a low-privileged role reach **cluster-adm...
Azure Backup for AKS Trusted Access permission tightening
Security Patch ReleaseAbout this happening: **Microsoft** appears to have silently tightened **Azure Backup for AKS**, closing a **Trusted Access** authorization path that could let a low-privileged role reach **cluster-adm...
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/ServiceAbout this happening: Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Microsoft security patch release for CVE-2023-43896
Security Patch Release
First: 04.05.2026 13:40
Last: 04.05.2026 13:40
Sources 1
About this happening:
**Microsoft**'s **April 2026 Windows security updates** are blocking **psmounterex.sys**, which can break third-party backup apps on **Windows 10**, **Windows 11**, and **Windows...
Microsoft security patch release for CVE-2023-43896
Security Patch ReleaseAbout this happening: **Microsoft**'s **April 2026 Windows security updates** are blocking **psmounterex.sys**, which can break third-party backup apps on **Windows 10**, **Windows 11**, and **Windows...
Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store
Security Tool/Service
First: 03.05.2026 21:11
Last: 03.05.2026 21:11
Sources 1
About this happening:
**Microsoft Defender** began falsely flagging valid **DigiCert root certificates** as **Trojan:Win32/Cerdigent.A!dha**, creating widespread false positives and risking certificate...
Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store
Security Tool/ServiceAbout this happening: **Microsoft Defender** began falsely flagging valid **DigiCert root certificates** as **Trojan:Win32/Cerdigent.A!dha**, creating widespread false positives and risking certificate...
Timeline
-
17.02.2026 02:00 2 articles · 3mo ago
Microsoft discloses CVE-2026-26119 in Windows Admin Center
Initial DisclosureMicrosoft disclosed a now-patched Windows Admin Center privilege-escalation flaw, CVE-2026-26119, in an advisory released on February 17, 2026. The high-severity issue carried a CVSS 8.8/10.0 rating and stemmed from improper authentication that could let an authorized attacker elevate privileges over a network and gain the rights of the user running the affected application; Microsoft said the flaw was patched in Windows Admin Center version 2511 released in December 2025 and credited Semperis researcher Andrea Pierini with discovering and reporting it.
Show sources
- Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center — thehackernews.com — 19.02.2026 19:40
- Microsoft Patches CVE-2026-26119 Privilege Escalation in Windows Admin Center — thehackernews.com — 19.02.2026 19:40