Mar 2026: System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability
CVE-2026-20967 Published on March 10, 2026
System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability
Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2026-20967
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft System Center Operations Manager 2019:- Version 10.19.0 and below 10.19.10658.0 is affected.
- Version 10.22.0 and below 10.22.11951.0 is affected.
- Version 1.0.0 and below 10.25.10377.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.