Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in Microsoft Windows Admin Center

20 February 2026

Microsoft has disclosed a privilege-escalation vulnerability (CVE-2026-26119) in Windows Admin Center (WAC). Users and administrators of affected product versions are advised to update to the latest version immediately.

Background

Microsoft has disclosed a privilege-escalation vulnerability (CVE-2026-26119) in Windows Admin Center (WAC), a browser-based platform widely used by IT administrators and infrastructure teams to manage Windows clients, servers, clusters, Hyper-V hosts and virtual machines, as well as Active Directory-joined systems. Although the issue was patched in early December 2025 with the release of Windows Admin Center version 2511, it has only just been publicly acknowledged.

Impact

Successful exploitation of this vulnerability could allow a remote attacker with low-level privileges to escalate their permissions, potentially leading to full domain compromise.

Affected Products

The vulnerability affects the following versions of Windows Admin Center:

  • Versions prior to version 2511

Recommendations

Users and administrators of affected product versions are advised to update to the latest version immediately.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26119

https://nvd.nist.gov/vuln/detail/CVE-2026-26119

Back to top