Windows SSDP Service allows local privilege escalation

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.0

Windows SSDP Service allows local privilege escalation

CVE-2026-32068

Summary

An unauthorized escalation of privileges is possible on Windows systems due to a flaw in the SSDP Service. This means an attacker with authorized access to a system could potentially gain more access than intended. To protect against this, update the Windows SSDP Service to the latest version.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.0

Vulnerability type

CWE-362 Race Condition

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32068

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026