CVE-2026-23660
Improper Access Control in Azure Portal Windows Admin Center Enables Privilege Escalation
Publication date: 2026-03-10
Last updated on: 2026-03-18
Assigner: Microsoft Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows_admin_center | to 2.6.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker with some level of authorization can increase their privileges on the affected system. This can lead to full control over the system, including the ability to compromise confidentiality, integrity, and availability of data and services.
Can you explain this vulnerability to me?
This vulnerability is an improper access control issue in the Azure Portal Windows Admin Center. It allows an authorized attacker to elevate their privileges locally, meaning they can gain higher-level permissions than they should have within the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
This vulnerability involves improper access control in the Azure Portal Windows Admin Center that allows an authorized attacker to elevate privileges locally.
To mitigate this vulnerability, it is recommended to apply the security updates provided by Microsoft as detailed in their official update guide.