CVE-2026-57107
Received Received - Intake

Improper Authentication in Windows Admin Center

Vulnerability report for CVE-2026-57107, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_admin_center *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57107 is a vulnerability in Windows Admin Center that involves improper authentication. This flaw allows an attacker who is already authorized (has some level of access) to elevate their privileges locally on the affected system. Essentially, the vulnerability enables a user with limited permissions to gain higher-level privileges than they should have, potentially taking full control of the system.

The CVSS v3.1 score for this vulnerability is 7.8, which is classified as high severity. The vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H indicates that the attack requires local access (AV:L), low attack complexity (AC:L), low privileges (PR:L), no user interaction (UI:N), and has high impacts on confidentiality (C:H), integrity (I:H), and availability (A:H).

Impact Analysis

This vulnerability can impact you in several ways if you are using Windows Admin Center:

  • An attacker with low-level access to your system could exploit this flaw to gain elevated privileges, such as administrative rights.
  • Once privileges are elevated, the attacker could perform malicious actions such as installing malware, stealing sensitive data, or disrupting system operations.
  • The high impact on confidentiality, integrity, and availability means that the attacker could access, modify, or delete critical data, leading to data breaches or system downtime.

Since the vulnerability is local, the attacker must already have some form of access to the system, which could come from compromised user credentials or other local attack vectors.

Compliance Impact

This vulnerability can affect compliance with common standards and regulations in the following ways:

  • GDPR (General Data Protection Regulation): If the vulnerability leads to unauthorized access or disclosure of personal data, it could result in a data breach. GDPR requires organizations to implement appropriate security measures to protect personal data, and failure to address such vulnerabilities could lead to non-compliance and potential fines.
  • HIPAA (Health Insurance Portability and Accountability Act): For organizations handling protected health information (PHI), this vulnerability could lead to unauthorized access or modification of PHI. HIPAA mandates safeguards to ensure the confidentiality, integrity, and availability of PHI, and exploiting this vulnerability could violate these requirements.
  • Other standards (e.g., ISO 27001, NIST): Many compliance frameworks require organizations to manage and mitigate vulnerabilities that could lead to unauthorized access or privilege escalation. Failure to patch or address this vulnerability could result in non-compliance with these standards.

Organizations should assess the risk posed by this vulnerability and take appropriate actions, such as applying patches or implementing compensating controls, to maintain compliance with relevant regulations.

Mitigation Strategies

Microsoft has likely provided patches or updates to address this vulnerability. Apply the latest security updates for Windows Admin Center as soon as possible.

  • Check the Microsoft Security Update Guide for CVE-2026-57107 to download and install the relevant patch.
  • Ensure that only trusted users have access to systems running Windows Admin Center to reduce the risk of local privilege escalation.
  • Monitor Microsoft's official communications for any additional mitigation steps or workarounds.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57107. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart