CVE-2026-58631
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-58631, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Microsoft Corporation

Description

Improper authorization in Windows Admin Center allows an authorized attacker to execute code locally.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
microsoft windows_admin_center *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

If you are using Windows Admin Center and this vulnerability is exploited, the impact could include:

  • Unauthorized execution of code on the affected system, potentially leading to full system compromise.
  • Loss of confidentiality, integrity, and availability of data and services managed by Windows Admin Center.
  • An attacker with local access could escalate their privileges, gaining control over administrative functions.

Since the vulnerability requires an authorized attacker, the risk is higher in environments where multiple users have access to the system or where credentials are shared or compromised.

Compliance Impact

This vulnerability could impact compliance with several standards and regulations, depending on the context of its exploitation:

  • GDPR: If the vulnerability leads to unauthorized access or disclosure of personal data, it could result in a violation of GDPR requirements for data protection and breach notification.
  • HIPAA: In healthcare environments, if the vulnerability is exploited to access or alter protected health information (PHI), it could violate HIPAA's security and privacy rules.
  • Other standards like ISO 27001 or NIST frameworks may also be affected, as they require proper authorization controls and protection against unauthorized code execution.

Organizations should assess the potential impact of this vulnerability on their compliance posture and take remediation steps to mitigate risks.

Detection Guidance

The provided context does not include specific detection methods or commands for identifying the vulnerability in Windows Admin Center. Detection may require checking for unauthorized access or misconfigurations in the Windows Admin Center installation, but no direct guidance is available.

To detect potential issues, you may review Windows Admin Center logs or use Microsoft-provided tools for vulnerability scanning, but no explicit commands are mentioned in the given resources.

Mitigation Strategies

The provided context does not specify immediate mitigation steps for CVE-2026-58631. However, based on the nature of the vulnerability (improper authorization), the following general steps may help:

  • Apply the latest security updates from Microsoft as soon as they are available. Refer to the Microsoft Update Guide for patches specific to this CVE.
  • Restrict access to Windows Admin Center to authorized users only and ensure proper role-based access controls are enforced.
  • Monitor Windows Admin Center logs for suspicious activity or unauthorized access attempts.
  • Consider disabling Windows Admin Center if it is not required for operations until a patch is applied.
Executive Summary

CVE-2026-58631 is a vulnerability in Windows Admin Center that involves improper authorization. This flaw allows an authorized attacker to execute code locally on the affected system. The attacker must already have some level of authorization, but due to the improper authorization checks, they can perform actions beyond their intended privileges.

The vulnerability is classified as a local attack, meaning the attacker needs access to the system to exploit it. The CVSS v3.1 score of 7.8 indicates a high severity, with impacts on confidentiality, integrity, and availability all rated as high.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-58631. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart