{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32196", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "state": "PUBLISHED", "assignerShortName": "microsoft", "dateReserved": "2026-03-11T00:26:53.427Z", "datePublished": "2026-04-14T16:58:33.606Z", "dateUpdated": "2026-05-12T17:39:32.738Z"}, "containers": {"cna": {"title": "Windows Admin Center Spoofing Vulnerability", "datePublic": "2026-04-14T14:00:00.000Z", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*", "versionStartIncluding": "1809.0", "versionEndExcluding": "2.6.5.16"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Admin Center", "versions": [{"version": "1809.0", "lessThan": "2.6.5.16", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en-US", "type": "CWE", "cweId": "CWE-79"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:39:32.738Z"}, "references": [{"name": "Windows Admin Center Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32196"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T19:45:26.530048Z", "id": "CVE-2026-32196", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:45:44.209Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32196", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T19:45:26.530048Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T19:45:40.844Z"}}], "cna": {"title": "Windows Admin Center Spoofing Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Microsoft", "product": "Windows Admin Center", "versions": [{"status": "affected", "version": "1809.0", "lessThan": "2.6.5.16", "versionType": "custom"}]}], "datePublic": "2026-04-14T14:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32196", "name": "Windows Admin Center Spoofing Vulnerability", "tags": ["vendor-advisory", "patch"]}], "descriptions": [{"lang": "en-US", "value": "Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.6.5.16", "versionStartIncluding": "1809.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2026-05-12T17:39:32.738Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32196", "state": "PUBLISHED", "dateUpdated": "2026-05-12T17:39:32.738Z", "dateReserved": "2026-03-11T00:26:53.427Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2026-04-14T16:58:33.606Z", "assignerShortName": "microsoft"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E6B16F7-D308-4FCC-B230-6AFFB020AFE4", "versionEndExcluding": "2511", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network."}], "id": "CVE-2026-32196", "lastModified": "2026-04-28T12:21:17.930", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "secure@microsoft.com", "type": "Primary"}]}, "published": "2026-04-14T18:17:26.060", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32196"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "secure@microsoft.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1809.0,2.6.5.16)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Windows Admin Center", "source": "cna", "vendor": "Microsoft"}, "product": "windows_admin_center", "vendor": "microsoft"}], "analysis": {"en": {"generated_at": "2026-04-14T19:44:44.777638+00:00", "value": {"mitigation_remediation": ["Apply the latest Microsoft patch for Windows Admin Center as documented in the Microsoft Security Advisory.", "Limit network access to the Windows Admin Center web interface to trusted hosts only until the patch is applied."], "summary": {"action": "Immediate Patch", "impact": "Spoofing"}, "threat_synthesis": {"affected_systems": "The affected product is Microsoft Windows Admin Center. No specific version ranges are provided in the advisory, so all installations should be reviewed for applicable patches.", "description_and_impact": "A cross\u2011site scripting vulnerability in Windows Admin Center allows an attacker to inject malicious scripts into generated web pages. This flaw can be used to create spoofed content on the console, tricking users into believing they are interacting with legitimate elements. The attack could compromise the integrity of the user interface and facilitate phishing or credential theft.", "risk_and_exploitability": "The CVSS score of 6.1 indicates a moderate severity. Because the vulnerability is a web\u2011based XSS, the likely attack vector is over the network via the Windows Admin Center web interface; any user with access to the console could craft a payload. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation yet."}}}}, "created": "2026-04-15T14:31:56.914969+00:00", "updated": "2026-04-15T14:45:03.387062+00:00", "vendors": ["microsoft", "microsoft$PRODUCT$windows_admin_center"]}