Windows SSDP Service Privilege Elevation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.0

Windows SSDP Service Privilege Elevation Vulnerability

CVE-2026-32083

Summary

An attacker with local access to a Windows system can exploit a vulnerability in the SSDP Service, potentially allowing them to gain elevated privileges. This is a concern for organizations that rely on this service, as it could lead to unauthorized changes or access to system settings. To mitigate this risk, ensure Windows updates are applied regularly and consider restricting unnecessary services.

Original title

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Original description

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.0

Vulnerability type

CWE-362 Race Condition

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32083

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026