CVE-2026-47301

Microsoft · Configuration Manager

An improper access control vulnerability in Microsoft Configuration Manager allows an authenticated attacker to elevate privileges over a network.

Executive summary

A privilege escalation vulnerability in Microsoft Configuration Manager allows an authenticated attacker to gain unauthorized administrative access.

Vulnerability

This is an improper access control vulnerability (CWE-284) within Microsoft Configuration Manager. It allows an attacker who already has low-level network access to elevate their privileges within the application environment.

Business impact

By elevating privileges, an attacker could gain full control over the Configuration Manager environment, which is typically used to manage and deploy software across an entire enterprise. This level of access grants the attacker the ability to push malicious updates or configurations to all managed endpoints. The CVSS score of 8.8 reflects the massive potential for lateral movement and systemic damage.

Remediation

Immediate Action: Apply the latest security updates provided by Microsoft for the affected versions of Configuration Manager.

Proactive Monitoring: Review audit logs for Configuration Manager to identify unauthorized access attempts or unexpected changes to deployment policies and administrative accounts.

Compensating Controls: Implement strict Role-Based Access Control (RBAC) to limit the number of users with management capabilities, and ensure that the Configuration Manager server is isolated within a secure management network segment.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Given that Microsoft Configuration Manager is a centralized management tool, this vulnerability represents a significant risk to the entire organizational infrastructure. It is critical to patch all instances immediately to prevent an attacker from gaining administrative control and using the tool as a vector for widespread compromise.