CVE-2026-20967

Published Mar 10, 2026

Last updated 3 months ago

CVSS high 8.8

Overview

Description: Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
Source: secure@microsoft.com
NVD status: Analyzed
Products: system_center_operations_manager

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*",
            "matchCriteriaId": "0BFD64D6-E8BB-4606-8D4C-EAE586CAD791",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_1:*:*:*:*:*:*",
            "matchCriteriaId": "60D16C06-DC8C-4990-A813-DC8FB599F2BD",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_1_hotfix:*:*:*:*:*:*",
            "matchCriteriaId": "4E460428-07C5-4CC9-A8E1-3B9D1049C945",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_2:*:*:*:*:*:*",
            "matchCriteriaId": "A06A8B5C-19CB-471E-A6CE-8A409A75D215",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_2_hotfix:*:*:*:*:*:*",
            "matchCriteriaId": "00FE8943-EB78-4E7B-892D-89633450E1BC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_3:*:*:*:*:*:*",
            "matchCriteriaId": "C764DB6F-3551-4F97-9F1F-F558224034BA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_3_hotfix:*:*:*:*:*:*",
            "matchCriteriaId": "C7CBAAAF-FDD7-4FA7-AB25-AEEE2D7959FA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_4:*:*:*:*:*:*",
            "matchCriteriaId": "8EC811F7-AA65-405D-B25E-1A3DFA221322",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_4_hotfix:*:*:*:*:*:*",
            "matchCriteriaId": "14BCC26E-10BF-4046-8000-0423161486A7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_5:*:*:*:*:*:*",
            "matchCriteriaId": "AE41DAE4-91BE-4198-9ACB-33481D9B216F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_5_hotfix:*:*:*:*:*:*",
            "matchCriteriaId": "596A894F-CDFC-4BB9-B3C0-73E1C8334025",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_6:*:*:*:*:*:*",
            "matchCriteriaId": "AE42550B-80DB-4977-80FF-F1A329DE2663",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*",
            "matchCriteriaId": "ABD632BE-513E-4581-9C8C-3A13DA1ADF1F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_1:*:*:*:*:*:*",
            "matchCriteriaId": "A3C221E0-42CC-480E-B704-AF27429FA20E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_1_hotfix:*:*:*:*:*:*",
            "matchCriteriaId": "FDBC5F8D-F48D-4CAA-830A-181F3019A804",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_2:*:*:*:*:*:*",
            "matchCriteriaId": "82E3989D-24AC-4229-9C61-4F6A7E15C592",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_2_hotfix:*:*:*:*:*:*",
            "matchCriteriaId": "BC796BB3-1BBA-41FB-AA42-1C5643183835",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_3:*:*:*:*:*:*",
            "matchCriteriaId": "E6ED73D7-3055-47FF-8641-A8AA3E3C43E4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2025:-:*:*:*:*:*:*",
            "matchCriteriaId": "0507AA0D-CBD5-400D-B24C-0549778F6029",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2025:update_rollup_1:*:*:*:*:*:*",
            "matchCriteriaId": "ABE4BD19-1750-4C5D-B75C-05E9830AA632",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References