CVE-2026-56196
Microsoft · Windows Admin Center
A relative path traversal vulnerability in Microsoft Windows Admin Center allows an authenticated attacker to execute arbitrary code over a network.
Executive summary
A path traversal vulnerability in Microsoft Windows Admin Center allows authenticated attackers to achieve remote code execution, threatening the security of managed server environments.
Vulnerability
This is a relative path traversal vulnerability (CWE-23) that allows an authenticated attacker to manipulate file paths, ultimately leading to remote code execution on the server hosting the Admin Center.
Business impact
The ability to execute arbitrary code with the permissions of the Windows Admin Center service creates a critical risk of full system takeover. Because Windows Admin Center is often used to manage multiple servers, compromise of this platform could grant an attacker lateral movement capabilities across the entire IT infrastructure, justifying the 8.8 CVSS severity rating.
Remediation
Immediate Action: Update Windows Admin Center to version 2.7.4 or later immediately.
Proactive Monitoring: Review logs for suspicious file system operations or unexpected processes initiated by the Windows Admin Center service account.
Compensating Controls: Restrict access to the Windows Admin Center interface to authorized IP addresses via network-level firewalls or VPNs to reduce the attack surface.
Exploitation status
Public Exploit Available: No
Analyst recommendation
The risk of remote code execution makes this vulnerability a priority for remediation. IT teams must upgrade to the patched version of Windows Admin Center immediately to prevent potential exploitation of the management interface.