CVE-2026-42834
Modified Modified - Updated After Analysis

Improper Link Resolution in Windows Admin Center

Publication date: 2026-05-20

Last updated on: 2026-06-01

Assigner: Microsoft Corporation

Description
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-20
Last Modified
2026-06-01
Generated
2026-06-30
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-28
NVD
CVE-2026-42834
EUVD
EUVD-2026-31104

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_admin_center to 0.72.0.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

To mitigate the elevation of privilege vulnerability caused by improper link resolution in Azure Portal Windows Admin Center, it is recommended to apply the security updates provided by Microsoft as soon as they become available.

Ensure that only authorized users have access to the Windows Admin Center and monitor for any unusual local privilege escalation attempts.

Compliance Impact

The vulnerability allows an authorized attacker to elevate privileges locally through improper link resolution before file access in Azure Portal Windows Admin Center.

Such an elevation of privilege could potentially lead to unauthorized access or modification of sensitive data, which may impact compliance with standards and regulations like GDPR and HIPAA that require strict access controls and protection of sensitive information.

Executive Summary

This vulnerability involves improper link resolution before file access, also known as 'link following', in the Azure Portal Windows Admin Center. It allows an authorized attacker to elevate their privileges locally.

Impact Analysis

The vulnerability can lead to an elevation of privilege, meaning an authorized attacker could gain higher-level access than intended within the system. This can result in full control over affected resources, potentially compromising confidentiality, integrity, and availability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42834. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart