Vulnerability Details CVE-2026-32196
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.7%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2026-32196
-
cpe:2.3:a:microsoft:windows_admin_center:-
-
cpe:2.3:a:microsoft:windows_admin_center:1709
-
cpe:2.3:a:microsoft:windows_admin_center:1711
-
cpe:2.3:a:microsoft:windows_admin_center:1712
-
cpe:2.3:a:microsoft:windows_admin_center:1802
-
cpe:2.3:a:microsoft:windows_admin_center:1803
-
cpe:2.3:a:microsoft:windows_admin_center:1804
-
cpe:2.3:a:microsoft:windows_admin_center:1804.25
-
cpe:2.3:a:microsoft:windows_admin_center:1806
-
cpe:2.3:a:microsoft:windows_admin_center:1807
-
cpe:2.3:a:microsoft:windows_admin_center:1808
-
cpe:2.3:a:microsoft:windows_admin_center:1809
-
cpe:2.3:a:microsoft:windows_admin_center:1809.5
-
cpe:2.3:a:microsoft:windows_admin_center:1812
-
cpe:2.3:a:microsoft:windows_admin_center:1902
-
cpe:2.3:a:microsoft:windows_admin_center:1903
-
cpe:2.3:a:microsoft:windows_admin_center:1904
-
cpe:2.3:a:microsoft:windows_admin_center:1906
-
cpe:2.3:a:microsoft:windows_admin_center:1907
-
cpe:2.3:a:microsoft:windows_admin_center:1908
-
cpe:2.3:a:microsoft:windows_admin_center:1909
-
cpe:2.3:a:microsoft:windows_admin_center:1910
-
cpe:2.3:a:microsoft:windows_admin_center:2410