CVE-2026-57107 is a Windows Admin Center elevation of privilege vulnerability caused by improper authentication. Microsoft rates it as CVSS v3.1 7.8 (High) with a temporal score of 6.8; the vector is LOCAL, LOW attack complexity, LOW privileges required, no user interaction, and unchanged scope. If exploited, it can impact confidentiality, integrity, and availability at HIGH levels. Microsoft states it is not publicly disclosed, not exploited, and exploit code maturity is UNPROVEN. Because the attack is local rather than network-based, enterprise exposure is lower than for remotely reachable services, but it remains relevant for systems where untrusted local access is possible. Customer action is required. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Elevation of Privilege; confidentiality, integrity, and availability impacts are all HIGH. - Exploitation likelihood: Exploitation Less Likely; vector context is LOCAL with LOW attack complexity, LOW privileges required, and no user interaction. - Severity for enterprise: High severity by CVSS, but lower real-world exposure than network-reachable issues because exploitation requires local access. - Patch status: available Affected systems: - No products listed