System Center Operations Manager Privilege Escalation via Network

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.8

System Center Operations Manager Privilege Escalation via Network

CVE-2026-20967

Summary

An attacker with authorization can exploit a weakness in System Center Operations Manager's input validation to gain higher-level network access. This could allow them to access sensitive data or disrupt system operations. System administrators should review and update their input validation procedures to prevent this kind of exploitation.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2019	–
microsoft	system_center_operations_manager	2022	–
microsoft	system_center_operations_manager	2022	–
microsoft	system_center_operations_manager	2022	–
microsoft	system_center_operations_manager	2022	–
microsoft	system_center_operations_manager	2022	–
microsoft	system_center_operations_manager	2022	–
microsoft	system_center_operations_manager	2025	–
microsoft	system_center_operations_manager	2025	–

Original title

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.

Original description

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.

nvd CVSS3.1 8.8

Vulnerability type

CWE-20 Improper Input Validation

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967

Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026