CVE-2026-20967

HIGH EPSS 60.3%

Published Mar 10, 20263mo ago · Modified Jun 17, 20261w ago

8.8 CVSS 3.1

High

Published Mar 10, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.

Base Score

8.8

Exploitability

2.8

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

EPSS Exploit Probability

60.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

CWE-20 Improper Input Validation Validation

Vendor	Product	Version	Range
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2019	any
microsoft	system_center_operations_manager	2022	any
microsoft	system_center_operations_manager	2022	any
microsoft	system_center_operations_manager	2022	any
microsoft	system_center_operations_manager	2022	any
microsoft	system_center_operations_manager	2022	any
microsoft	system_center_operations_manager	2022	any
microsoft	system_center_operations_manager	2025	any
microsoft	system_center_operations_manager	2025	any

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20967

Vendor Advisory

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.