CVE-2026-47301: Configuration Manager Elevation of Privilege Vulnerability

Overview

Severity
High (CVSS 8.8)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Category
Elevation of Privilege
Exploit Status
Not Exploited
Patch Tuesday
2026-Jul
Released
2026-07-14

Description

Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over a network.

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by sending specially crafted requests to the affected service interface, allowing them to upload content without the required permissions. By doing so, an authenticated attacker could leverage this unauthorized access to introduce malicious or unintended content into the system, leading to elevated capabilities beyond their intended level.

Affected Products (3)

Windows

  • Microsoft Configuration Manager 2509
  • Microsoft Configuration Manager 2603

System Center

  • Microsoft Configuration Manager 2503

Security Updates (2)

Acknowledgments

<a href="https://www.linkedin.com/in/kr-mick3y">mick3y</a> with Team SaturnX, <a href="https://www.linkedin.com/in/omri-baso/">Omri Baso</a> with <a href="https://xmcyber.com/">XM Cyber</a>

Revision History

  • 2026-07-14: Information published.