CVE-2026-56197
Microsoft · Windows Admin Center
A command injection vulnerability in Microsoft Windows Admin Center allows an authenticated attacker to execute arbitrary commands over a network.
Executive summary
An authenticated command injection vulnerability in Microsoft Windows Admin Center permits unauthorized code execution, creating a high risk of server compromise.
Vulnerability
This vulnerability involves improper neutralization of special elements used in a command (CWE-77), allowing an authenticated attacker to inject and execute arbitrary commands on the underlying host.
Business impact
Command injection is a severe flaw that can lead to total system compromise, data theft, and the installation of persistent backdoors. Given the 8.8 CVSS score, this vulnerability poses a significant threat to the security of any infrastructure managed by the affected Windows Admin Center instance.
Remediation
Immediate Action: Update Windows Admin Center to version 2.7.4 or later to eliminate the vulnerable command processing logic.
Proactive Monitoring: Monitor for unexpected command-line executions or PowerShell scripts originating from the Windows Admin Center process.
Compensating Controls: Implement strict access control lists and network segmentation to ensure that only trusted administrators can access the Windows Admin Center management interface.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Due to the severity of command injection, immediate patching is required to protect the integrity of the managed environment. Organizations should prioritize this update alongside other critical security maintenance tasks to minimize exposure.