Windows UPnP Device Host Privilege Escalation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows UPnP Device Host Privilege Escalation Vulnerability

CVE-2026-27916

Summary

A flaw in the Windows UPnP Device Host can allow an authorized user to gain elevated permissions on a Windows system. This could potentially allow the attacker to access or modify sensitive system settings and data. To address this issue, ensure you have the latest Windows updates installed and consider configuring your firewall to limit access to UPnP.

Original title

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Original description

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27916

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026