CVE-2026-32196
Received Received - Intake
Cross-Site Scripting in Windows Admin Center Enables Network Spoofing

Publication date: 2026-04-14

Last updated on: 2026-04-28

Assigner: Microsoft Corporation

Description
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-14
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-14
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32196
EUVD
EUVD-2026-22577
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_admin_center to 2511 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability allows an unauthorized attacker to perform spoofing over a network via cross-site scripting in Windows Admin Center.

Such spoofing attacks can potentially lead to unauthorized access or manipulation of sensitive information, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of personal and sensitive data.

However, the provided information does not explicitly describe the direct effects on compliance with these standards.

Mitigation Strategies

To mitigate this vulnerability, ensure that your Windows Admin Center is updated with the latest security patches provided by Microsoft.

Since the vulnerability involves improper neutralization of input leading to cross-site scripting and spoofing, avoid interacting with suspicious web pages or inputs within the Windows Admin Center until patched.

Executive Summary

This vulnerability is a type of cross-site scripting (XSS) found in Windows Admin Center. It occurs because the software does not properly neutralize input during web page generation. This flaw allows an unauthorized attacker to perform spoofing attacks over a network.

Impact Analysis

The vulnerability can allow an attacker to spoof content or impersonate trusted entities over a network. This can lead to unauthorized actions or information disclosure, potentially compromising the integrity and confidentiality of data accessed through Windows Admin Center.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32196. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart