Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Windows SSDP Service across Windows 10, Windows 11, and Windows Server 2012-2025 allows authenticated users with low privileges to gain SYSTEM-level access by exploiting a race condition in shared resource handling. Attack complexity is high (AC:H), requiring precise timing to win the race window. Patch available per vendor advisory; no public exploit identified at time of analysis.
Technical ContextAI
The Windows SSDP (Simple Service Discovery Protocol) Service, responsible for discovering networked devices via UPnP, contains a race condition vulnerability (CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization). Race conditions occur when multiple threads or processes access shared memory, files, or system resources without proper locking mechanisms, creating a time-of-check to time-of-use (TOCTOU) window. In this case, an attacker with existing low-privilege access can manipulate timing to execute code in a higher-privilege context during the brief moment when the SSDP service performs security-sensitive operations on shared resources. The vulnerability affects a broad range of Microsoft platforms identified via CPE strings, spanning legacy systems (Windows Server 2012) through current releases (Windows 11 26H1, Windows Server 2025).
RemediationAI
Apply security updates from Microsoft's January 2026 Patch Tuesday release cycle. Patched versions per EUVD include Windows Server 2025 build 10.0.26100.32690 or later, Windows 11 26H1 build 10.0.28000.1836 or later, Windows 11 23H2/22H3 build 10.0.22631.6936 or later, Windows 10 22H2 build 10.0.19045.7184 or later, Windows Server 2022 build 10.0.20348.5020 or later, and corresponding fix builds for other affected versions as detailed in Microsoft Security Response Center guidance at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32082. Deploy patches through standard Windows Update, WSUS, or enterprise patch management systems. As interim mitigation for systems unable to patch immediately, restrict local logon access to trusted administrators only and implement privileged access workstation (PAW) policies to limit low-privilege user sessions on sensitive systems.
Same weakness CWE-362 – Race Condition
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22514
GHSA-xxc2-62g3-qjhj