Windows UPnP Device Host Privilege Elevation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows UPnP Device Host Privilege Elevation Vulnerability

CVE-2026-27915

Summary

An attacker with authorized access to a Windows system can exploit a vulnerability in the Universal Plug and Play (UPnP) Device Host service, allowing them to gain elevated privileges on the system. This could potentially lead to unintended actions or unauthorized access to system resources. To protect your system, ensure that the UPnP service is disabled unless necessary, and consider implementing additional access controls.

Original title

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Original description

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27915

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026