Windows SSDP Service Privilege Elevation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.0

Windows SSDP Service Privilege Elevation Vulnerability

CVE-2026-32082

Summary

The Windows SSDP Service has a design flaw that can be exploited by an authorized attacker on the same system, potentially allowing them to gain elevated privileges. This means a malicious user with legitimate access to the system could potentially gain even more access and control. To protect against this, consider applying the latest Windows updates as soon as they become available.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.0

Vulnerability type

CWE-362 Race Condition

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32082

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026