Primary

Context

Microsoft Windows Admin Center Cross-Site Scripting Vulnerability Allowing Spoofing

Vulnerability

Patched

A cross-site scripting vulnerability has been identified in Windows Admin Center. This issue arises from improper input neutralization during web page generation, allowing an unauthorized attacker to perform spoofing over the network. The vulnerability affects Windows Admin Center versions prior to 2.6.5.16.

Impact

Successful exploitation allows an attacker to spoof users over the network. Additionally, according to CVSS, the vulnerability could lead to some loss of confidentiality and integrity, but no impact on availability.

Remediation

Users can download the security update for Windows Admin Center from the Microsoft Update Catalog. For more information, see the release notes on the Microsoft Learn website.

Added: Apr 14, 2026, 8:02 PM

Updated: Apr 14, 2026, 8:02 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

5.8

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.7

exploitability

5.8

remediation

7.7

relevance

5.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Windows Admin Center Cross-Site Scripting Vulnerability Allowing Spoofing

Vulnerability

Impact

Remediation

Affected Products

Microsoft Windows Admin Center

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating