Critical Token Validation Flaw in Azure Windows Admin Center Enables Tenant-Wide Remote Code Execution (CVE-2026-20965)

The post announces the discovery of vulnerability CVE-2026-20965, a high-severity flaw in the Azure SSO implementation of Windows Admin Center. It allows a local administrator on a single machine to bypass the limits of a virtual machine (VM) and achieve remote code execution (RCE) at the tenant-wide level. The flaw specifically involves token validation.