Windows upnp.dll allows attackers to access sensitive files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.5

Windows upnp.dll allows attackers to access sensitive files

CVE-2026-32212

Summary

A flaw in Windows' upnp.dll lets authorized attackers view files on the same network. This could expose sensitive business information. Patch your Windows systems to fix this issue.

Original title

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Original description

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

nvd CVSS3.1 5.5

Vulnerability type

CWE-59 Link Following

CWE-269 Improper Privilege Management

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32212

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026