Windows UPnP Device Host Privilege Escalation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Windows UPnP Device Host Privilege Escalation Vulnerability

CVE-2026-27919

Summary

An attacker with local access to a Windows system can use a specific sequence of actions to gain elevated privileges on the system. This could potentially allow the attacker to install malicious software or make changes to system settings. To protect against this vulnerability, ensure that the Windows UPnP Device Host service is disabled or removed from systems that do not require it.

Original title

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Original description

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.8

Vulnerability type

CWE-822

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27919

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026