CVE-2026-58631 is a Windows Admin Center (WAC) remote code execution vulnerability caused by improper authorization. Microsoft rates it with a CVSS v3.1 base score of 7.8 (High) and a temporal score of 6.8. The vector is local attack only, with low attack complexity, low privileges required, and no user interaction. The impact is remote code execution with high confidentiality, integrity, and availability impact. Microsoft lists exploitation likelihood as “Exploitation More Likely,” but there is no public disclosure and no known exploitation reported. Because the attack vector is local rather than network-based, enterprise risk is lower than a remotely reachable service, but it remains significant for systems where local access is possible. Highlights: - CVSS scores: Base 7.8 - Temporal 6.8 - Exploit status & code maturity: Publicly Disclosed: No; Exploited: No; Exploit Code Maturity: UNPROVEN. - Impact: Remote Code Execution with HIGH confidentiality, integrity, and availability impacts. - Exploitation likelihood: Exploitation More Likely; vector is LOCAL with LOW attack complexity, LOW privileges required, and NO user interaction. - Severity for enterprise: High severity by CVSS, with elevated concern for environments where local access is available; lower exposure than network-reachable vulnerabilities because it is not network exploitable. - Patch status: available Affected systems: - No products listed