A newly disclosed flaw in Azure Windows Admin Center (WAC) allows unauthenticated, one‑click remote code execution (RCE) and token theft simply by luring an admin to a tampered but “legit‑looking” URL. The chained bugs are tracked collectively as CVE‑2026‑32196 and stem from control‑flow hijacking in WAC’s web logic that turns a single click into arbitrary […] The post One-Click RCE in Azure Windows Admin Center Lets Attackers Execute Arbitrary Commands appeared first on Cyber Security News.