The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.
advisories | CVE-2021-31165
Windows Container Manager Service CmsRpcSrv_CreateContainer Privilege Escalation
