Windows Admin Center Azure SSO Flaw Risks Tenant-Wide Compromise

CVE-2026-20965 enables tenant-wide Azure compromise from one Windows Admin Center host.

Written By
Ken Underhill
Jan 16, 2026

A Windows Admin Center Azure SSO flaw could let attackers pivot from one compromised machine to tenant-wide access across Azure VMs and Arc-connected systems. 

The vulnerability “… allows an attacker with local administrator access on just one machine to escalate privileges, execute remote code, and move laterally across Azure virtual machines and Arc-connected systems within the same tenant, without valid Azure credentials,” said Cymulate researchers.

Inside the Windows Admin Center Token Flaw

Tracked as CVE-2026-20965, this flaw impacts organizations using Windows Admin Center to manage Azure VMs and Arc-connected systems, especially where admins frequently connect via the Azure Portal.

The core risk is that an attacker who gains a foothold on one WAC-managed system can potentially use that access to move laterally and reach other machines across the tenant.

Windows Admin Center’s Azure SSO flow relies on two separate tokens working together. 

The first, WAC.CheckAccess, is used to confirm the user has the required role-based permissions. 

The second is a proof-of-possession (PoP) token, which is designed to prevent token replay by binding authentication to cryptographic keys generated in the browser. 

Under normal conditions, this pairing helps ensure that even if a token is stolen, it cannot be reused from another context.

Cymulate researchers found that WAC did not validate these tokens as tightly as it should. 

In practice, attackers could mix a stolen WAC.CheckAccess token with a forged PoP token, allowing them to impersonate privileged users and remotely execute administrative commands on other WAC-enabled systems. 

The issue stems from multiple validation gaps, including missing UPN checks between tokens, acceptance of cross-tenant PoP tokens, nonce reuse, and PoP support for non-gateway URLs like direct IP access over port 6516. 

Even more importantly, the WAC.CheckAccess token was not sufficiently scoped, meaning authorization could extend beyond a single machine and effectively enable broader, tenant-level access patterns.
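The checks the article lists as missing (UPN agreement between the two tokens, same-tenant origin, single-use nonce, gateway-only binding, per-machine scope) are easiest to see as one validator over already-decoded claims. This is an added illustration, not Cymulate's or Microsoft's code; the claim names (`upn`, `tid`, `nonce`, `u`, `scope`) and the host names are assumptions and do not reproduce WAC's real token format.

```python
"""Added example: the token-pair checks the article says WAC skipped.
Claim names and hosts are assumed, not WAC's real format."""
from urllib.parse import urlparse


def validate_token_pair(check_access, pop, expected_tenant,
                        gateway_host, target_node, seen_nonces):
    """Return the list of failures for a WAC.CheckAccess / PoP token pair.

    check_access, pop: dicts of decoded claims (assumed keys: upn, tid, nonce, u, scope).
    seen_nonces: set shared across requests; a PoP nonce is consumed on first use.
    An empty list means the pair passed every check named in the article.
    """
    failures = []
    # 1. Both tokens must name the same user (the missing UPN cross-check).
    if check_access.get("upn", "").lower() != pop.get("upn", "").lower():
        failures.append("upn mismatch between CheckAccess and PoP tokens")
    # 2. Both tokens must come from the tenant this gateway serves (no cross-tenant PoP).
    for name, tok in (("CheckAccess", check_access), ("PoP", pop)):
        if tok.get("tid") != expected_tenant:
            failures.append(f"{name} token issued for foreign tenant {tok.get('tid')!r}")
    # 3. The PoP token must be bound to the gateway URL, not a raw IP on port 6516.
    target = urlparse(pop.get("u", ""))
    if target.scheme != "https" or target.hostname != gateway_host:
        failures.append(f"PoP bound to non-gateway URL {pop.get('u')!r}")
    # 4. The nonce must be fresh, so a captured PoP token cannot be replayed.
    nonce = pop.get("nonce")
    if not nonce or nonce in seen_nonces:
        failures.append("PoP nonce missing or already used")
    else:
        seen_nonces.add(nonce)
    # 5. CheckAccess must be scoped to the one machine being managed, not the tenant.
    if check_access.get("scope") != f"machine:{target_node}":
        failures.append("CheckAccess token not scoped to this machine")
    return failures


if __name__ == "__main__":
    # Constructed values: a legitimate CheckAccess token paired with a PoP token
    # forged in another tenant and bound to a direct IP on port 6516.
    tenant = "11111111-2222-3333-4444-555555555555"
    stolen = {"upn": "admin@contoso.example", "tid": tenant, "scope": "machine:vm-prod-01"}
    forged = {"upn": "ops@fabrikam.example", "tid": "99999999-0000-0000-0000-000000000000",
              "nonce": "n-forged", "u": "https://10.0.0.5:6516/"}
    for f in validate_token_pair(stolen, forged, tenant, "wac-gw.contoso.example",
                                 "vm-prod-01", set()):
        print("reject:", f)
```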


What It Takes to Trigger the Attack

Exploitation is not completely “drive-by.” 

The attacker must already have local administrator access on a WAC-enabled Azure VM or Arc-connected machine, and a privileged user must initiate a WAC session through Azure Portal during the attacker’s window of opportunity. 

But once those conditions are met, the blast radius can be significant — enabling lateral movement, privilege escalation, and broad compromise of systems that were assumed to be isolated.

Microsoft has released a patch to address the issue, and organizations should apply it immediately while also reviewing logs for signs of token misuse or unusual cross-tenant identity activity.


How to Reduce Tenant-Wide Exposure

Organizations running Windows Admin Center in Azure should treat CVE-2026-20965 as a high-priority risk because it can turn a single compromised host into a broader tenant-wide exposure. 

Security teams should also assume token abuse may be difficult to spot without focused monitoring.

  • Upgrade to Windows Admin Center Azure Extension v0.70.00 or later and remove WAC where it is not required to reduce attack surface.
  • Restrict WAC access using least privilege, PIM, and Conditional Access controls (e.g., MFA, compliant devices, and location/risk policies).
  • Lock down network exposure by limiting port 6516 to trusted gateway-only paths and tightening NSG/JIT rules to prevent broad inbound access.
  • Isolate WAC-enabled systems in dedicated management subnets and restrict outbound traffic to reduce lateral movement and token abuse paths.
  • Monitor for identity and token anomalies, including mixed-tenant UPN logons, unexpected WAC_user accounts, and signs of PoP/token replay.
  • Alert on suspicious WAC activity such as InvokeCommand spikes, new identities on targets, and rogue WAC services or processes indicating interception.

These steps outline practical actions to help close the gap, limit lateral movement, and detect suspicious WAC activity early.
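Two of the indicators in the list above, mixed-tenant UPN logons and InvokeCommand spikes, can be checked with a short pass over gateway events. This is an added example, not a WAC feature or log schema: the event tuple layout, the home tenant domain and the burst threshold are all assumptions, and the sample events are constructed.

```python
"""Added example: flag mixed-tenant logons and InvokeCommand bursts in WAC gateway
events. Event layout, threshold and domains are assumptions, not WAC's real schema."""
from collections import defaultdict
from datetime import datetime, timedelta

HOME_TENANT_DOMAIN = "contoso.example"   # assumed: UPNs from any other domain are foreign
INVOKE_BURST_THRESHOLD = 5               # assumed: more than this per actor per window
INVOKE_WINDOW = timedelta(minutes=2)

# Constructed sample events: (timestamp, event, actor UPN, target node)
EVENTS = [
    ("2026-01-16T09:00:00", "Logon", "admin@contoso.example", "wac-gw"),
    ("2026-01-16T09:00:05", "InvokeCommand", "admin@contoso.example", "vm-prod-01"),
    ("2026-01-16T09:01:10", "Logon", "admin@contoso.example", "wac-gw"),
    ("2026-01-16T09:02:00", "Logon", "ops@fabrikam.example", "wac-gw"),
    # six commands in six seconds from a foreign-tenant identity
    *[("2026-01-16T09:02:%02d" % s, "InvokeCommand", "ops@fabrikam.example",
       "vm-prod-%02d" % s) for s in range(1, 7)],
]


def find_mixed_tenant_logons(events):
    """UPNs that logged on to the gateway but do not belong to the home tenant."""
    return sorted({upn for _, ev, upn, _ in events
                   if ev == "Logon"
                   and upn.rsplit("@", 1)[-1].lower() != HOME_TENANT_DOMAIN})


def find_invoke_bursts(events):
    """Actors whose InvokeCommand count in any sliding INVOKE_WINDOW exceeds the threshold.

    Returns {upn: largest window count} for actors that crossed the threshold.
    """
    per_actor = defaultdict(list)
    for ts, ev, upn, _ in events:
        if ev == "InvokeCommand":
            per_actor[upn].append(datetime.fromisoformat(ts))
    bursts = {}
    for upn, times in per_actor.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > INVOKE_WINDOW:
                start += 1   # slide the window forward until it spans <= INVOKE_WINDOW
            count = end - start + 1
            if count > INVOKE_BURST_THRESHOLD:
                bursts[upn] = max(count, bursts.get(upn, 0))
    return bursts


if __name__ == "__main__":
    print("foreign-tenant logons:", find_mixed_tenant_logons(EVENTS))
    print("InvokeCommand bursts:", find_invoke_bursts(EVENTS))
```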


Tenant-Wide Risk From One Weak Link

This vulnerability is a reminder that identity and token validation flaws can turn routine admin workflows into tenant-wide risk, especially in cloud environments built for speed and scale. 

Organizations should prioritize patching Windows Admin Center immediately, then reinforce access controls, network restrictions, and monitoring to reduce the blast radius if a single system is compromised. 

This is why organizations are shifting to a zero-trust security model built around assuming breach and limiting impact.

Ken Underhill

Ken Underhill is an award-winning cybersecurity professional, bestselling author, and seasoned IT professional. He holds a graduate degree in cybersecurity and information assurance from Western Governors University and brings years of hands-on experience to the field.
