Windows UPnP Device Host Privilege Escalation Vulnerability

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.0

Windows UPnP Device Host Privilege Escalation Vulnerability

CVE-2026-32075

Summary

An attacker with access to a Windows system can exploit a flaw in the UPnP Device Host to gain elevated privileges on the local machine. This could allow them to install malicious software or access sensitive data. To mitigate this risk, ensure that the UPnP Device Host is disabled on all systems unless it is absolutely necessary for a specific function.

Original title

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

Original description

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

nvd CVSS3.1 7.0

Vulnerability type

CWE-416 Use After Free

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32075

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026