{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-20965", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2025-12-04T20:04:16.341Z", "datePublished": "2026-01-13T17:56:06.968Z", "dateUpdated": "2026-04-01T13:48:15.844Z"}, "containers": {"cna": {"title": "Windows Admin Center Elevation of Privilege Vulnerability", "datePublic": "2026-01-13T16:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:azure_portal_windows_admin_center:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "0.70.0.0"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Admin Center in Azure Portal", "versions": [{"version": "1.0", "lessThan": "0.70.0.0", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-347: Improper Verification of Cryptographic Signature", "lang": "en-US", "type": "CWE", "cweId": "CWE-347"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:48:15.844Z"}, "references": [{"name": "Windows Admin Center Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20965"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20965", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:56:59.742779Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:41.040Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-20965", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-01-14T04:56:59.742779Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T19:41:05.445Z"}}], "cna": {"title": "Windows Admin Center Elevation of Privilege Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Admin Center in Azure Portal", "versions": [{"status": "affected", "version": "1.0", "lessThan": "0.70.0.0", "versionType": "custom"}]}], "datePublic": "2026-01-13T16:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20965", "name": "Windows Admin Center Elevation of Privilege Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:azure_portal_windows_admin_center:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "0.70.0.0", "versionStartIncluding": "1.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-04-01T13:48:15.844Z"}}}, "cveMetadata": {"cveId": "CVE-2026-20965", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:48:15.844Z", "dateReserved": "2025-12-04T20:04:16.341Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-01-13T17:56:06.968Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:azure:*:*", "matchCriteriaId": "45A440DB-3383-476C-BF0F-6B932A709C10", "versionEndExcluding": "0.70.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally."}], "id": "CVE-2026-20965", "lastModified": "2026-01-16T16:23:11.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 6.0, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-01-13T18:16:24.417", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20965"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-16T08:41:53.039418+00:00", "value": {"mitigation_remediation": ["Apply the latest Windows Admin Center security update released by Microsoft that corrects the signature verification flaw.", "Enforce least\u2011privilege by removing or restricting local administrative rights for users who do not need them to operate Windows Admin Center.", "Enable audit logging for privilege\u2011related actions within Windows Admin Center and regularly review logs for anomalous activity."], "summary": {"action": "Patch Now", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Microsoft Windows Admin Center deployed through the Azure Portal is affected. Specific versions are not listed, so all installations of Windows Admin Center should be reviewed for the presence of the vulnerability until a patch is applied.", "description_and_impact": "Windows Admin Center contains an improper verification of cryptographic signatures, which allows an attacker with existing local authorization to elevate their privileges on the affected system. The flaw can be exploited by providing a maliciously signed component that bypasses the intended integrity check, granting the attacker higher permissions without valid endorsement.", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.5, indicating a high severity level of privilege escalation. The EPSS score is below 1%, suggesting a low exploitation probability at this time. It is not in the CISA KEV catalog. The likely attack vector requires that the attacker already has local authorized access to the machine running Windows Admin Center, which limits the scope but still poses a serious threat in environments where local admin rights are lax or shared."}}}}, "created": "2026-04-16T08:45:26.261031+00:00", "updated": "2026-04-16T08:45:26.261042+00:00", "vendors": []}