Microsoft Windows upnp.dll allows unauthorized access to local data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.5

Microsoft Windows upnp.dll allows unauthorized access to local data

CVE-2026-32214

Summary

A security issue in the upnp.dll component of Windows allows an attacker who has already gained some level of access to the system to access sensitive information that should be kept private. This could lead to unauthorized access to data on the affected system. To mitigate this risk, ensure that all Windows systems are fully updated with the latest security patches.

Original title

Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

Original description

Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

nvd CVSS3.1 5.5

Vulnerability type

CWE-284 Improper Access Control

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32214

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026