Windows UPnP Device Host Privilege Elevation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows UPnP Device Host Privilege Elevation Vulnerability

CVE-2026-27920

Summary

The Windows Universal Plug and Play (UPnP) feature contains a vulnerability that can allow an authorized attacker to gain elevated privileges on a local machine. This means an attacker could potentially gain control of your computer or network. To protect your system, ensure you have the latest updates installed and consider disabling UPnP if not necessary.

Original title

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Original description

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-822

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27920

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026