Windows Admin Center allows attackers to impersonate websites and steal credentials

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.1

Windows Admin Center allows attackers to impersonate websites and steal credentials

CVE-2026-32196

Summary

An attacker can inject malicious code into Windows Admin Center, which can trick users into revealing sensitive information or taking control of their accounts. This can happen when a user visits a malicious website or clicks on a phishing email. To protect your network, update Windows Admin Center to the latest version.

Original title

Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

Original description

Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

nvd CVSS3.1 6.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32196

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026