You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-35438
About this tag
CVE-2026-35438 is a Windows Admin Center elevation-of-privilege vulnerability where a low-privileged attacker can abuse the product's update path to install an arbitrary available version from Microsoft's update catalog. This can alter or disrupt existing deployments, with high integrity and availability impact but low confidentiality impact. The vulnerability targets the management plane beneath the administrator, making it distinct from typical data theft bugs. Discussions on WindowsForum cover the technical details, CVSS scoring, and implications for enterprise IT environments using Windows Admin Center.
CVE-2026-35438 is a Windows Admin Center elevation-of-privilege vulnerability in which a low-privileged attacker could abuse the product’s update path to install an arbitrary available Windows Admin Center version from Microsoft’s update catalog, potentially altering or disrupting the existing...