Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Windows SSDP Service (all Windows 10, 11, and Server versions from 2012 onwards) enables low-privileged authenticated users to gain SYSTEM-level access by exploiting a race condition in shared resource handling. The vulnerability requires low privileges and high attack complexity (CVSS AC:H), resulting in complete compromise of confidentiality, integrity, and availability. Vendor-released patches are available for all affected versions with specific build numbers pr
Technical ContextAI
The Windows SSDP Service (Simple Service Discovery Protocol) implements UPnP device discovery and network service enumeration. This vulnerability stems from CWE-362 (race condition), where concurrent threads access shared resources without proper synchronization primitives. The SSDP service runs with elevated privileges to manage network discovery, making it an attractive target for local privilege escalation. Race conditions occur when time-of-check-to-time-of-use (TOCTTOU) gaps allow attackers to manipulate shared objects between verification and execution. The vulnerability affects the entire Windows ecosystem: CPE data identifies Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server (2012, 2012 R2, 2016, 2019, 2022, 2025) including Server Core installations. EUVD version strings specify exact vulnerable build ranges, with fixes requiring builds 10.0.26100.32690+ for Server 2025/Windows 11 24H2, 10.0.22631.6936+ for Windows 11 22H3/23H2, and corresponding patched builds for older versions.
RemediationAI
Microsoft has released security updates for all affected Windows versions through standard update channels. Organizations should immediately apply the following patched builds: Windows 10 Version 1607 and Server 2016 to build 10.0.14393.9060 or higher, Windows 10 Version 1809 and Server 2019 to build 10.0.17763.8644 or higher, Windows 10 Version 21H2 to build 10.0.19044.7184 or higher, Windows 10 Version 22H2 to build 10.0.19045.7184 or higher, Windows 11 Version 22H3 and 23H2 to build 10.0.22631.6936 or higher, Windows 11 Version 24H2 and Server 2025 to build 10.0.26100.32690 or higher, Windows 11 Version 25H2 to build 10.0.26200.8246 or higher, Windows 11 Version 26H1 to build 10.0.28000.1836 or higher, Windows Server 2012 to build 6.2.9200.26026 or higher, Windows Server 2012 R2 to build 6.3.9600.23132 or higher, Windows Server 2022 to build 10.0.20348.5020 or higher, and Windows Server 2022 23H2 Edition to build 10.0.25398.2274 or higher. Deploy patches via Windows Update, WSUS, Configuration Manager, or manual download from the Microsoft Update Catalog. No workarounds are documented
Same weakness CWE-362 – Race Condition
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22515
GHSA-7phv-9jp9-84fq