Windows UPnP Device Host Can Execute Unauthorized Code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.4

Windows UPnP Device Host Can Execute Unauthorized Code

CVE-2026-32156

Summary

A security flaw in Windows Universal Plug and Play (UPnP) Device Host allows an attacker to run malicious code on a Windows computer without permission. This could potentially lead to unauthorized access to the system or data. To protect your computer, ensure you have the latest security updates installed and consider disabling UPnP if it's not necessary for your network.

Original title

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

Original description

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

nvd CVSS3.1 7.4

Vulnerability type

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32156

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026