Cyber Posture

CVE-2026-42834

High
Microsoft: affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: not affectedOth

Published: 20 May 2026

Published
20 May 2026
Modified
20 May 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score N/A
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-42834 is a high-severity Link Following (CWE-59) vulnerability in Microsoft Windows Admin Center. Its CVSS base score is 7.8 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

NVD Description

Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-59

Affected Products

microsoft
windows admin center
≤ 0.72.0.0

References