CVE-2026-20967

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-20967
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_1:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_1_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_2:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_2_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_3:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_3_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_4:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_4_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_5:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_5_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_6:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_1:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_1_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_2:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_2_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_3:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2025:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2025:update_rollup_1:*:*:*:*:*:*
History

13 Mar 2026, 17:11

Type Values Removed Values Added
First Time Microsoft
Microsoft system Center Operations Manager
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967 - Vendor Advisory
Summary
  • (es) Validación de entrada incorrecta en System Center Operations Manager permite a un atacante autorizado elevar privilegios a través de una red.
CPE cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_3_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2025:update_rollup_1:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_2_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_2:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_1_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_4:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_5_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_6:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_1:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_3:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_1:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_4_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_5:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_2:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2019:update_rollup_2_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_3:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2022:update_rollup_1_hotfix:*:*:*:*:*:*
cpe:2.3:a:microsoft:system_center_operations_manager:2025:-:*:*:*:*:*:*

10 Mar 2026, 18:18

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-10 18:18

Updated : 2026-03-13 17:11

NVD link : CVE-2026-20967

Mitre link : CVE-2026-20967

CVE.ORG link : CVE-2026-20967

JSON object : View

Products Affected

microsoft

  • system_center_operations_manager
CWE
CWE-20

Improper Input Validation