CVE-2026-42834

Published: Mag 20, 2026 Last Modified: Mag 20, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,8

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.

Improper Link Resolution Before File Access ('Link Following')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control Other

Potential Impacts:

Read Files Or Directories Modify Files Or Directories Bypass Protection Mechanism Execute Unauthorized Code Or Commands

Applicable Platforms

Operating Systems: Windows, Unix

Likelihood of Exploit: Medium

View CWE Details

Application

Windows Admin Center by Microsoft

Product Information

Vendor Microsoft

Product Windows Admin Center

Version Range Affected

To 0.72.0.0 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:microsoft:windows_admin_center:*:*:*:*:*:azure:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2…

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42834