Skip to main content

Microsoft EUVDEUVD-2026-22466

| CVE-2026-27920 HIGH
Untrusted Pointer Dereference (CWE-822)
2026-04-14 microsoft GHSA-2jf6-4m5x-vv8v
7.8
CVSS 3.1 · NVD
Temporal: 6.8
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.8 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:29 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22466
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:58 nvd
HIGH 7.8

DescriptionCVE.org

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Universal Plug and Play Device Host service affects all supported Windows 10, Windows 11, and Windows Server versions via untrusted pointer dereference (CWE-822). Low-complexity attack requires low-level authenticated access (PR:L) with no user interaction, enabling complete system compromise (C:H/I:H/A:H). Microsoft released patches in May 2025 for 21 affected product versions. No public exploit identified at time of analysis, though the local attack vector

Technical ContextAI

The vulnerability exists in the Windows Universal Plug and Play (UPnP) Device Host service (upnphost.dll), a core networking component that enables automatic device discovery and configuration on local networks. The flaw stems from CWE-822 (Untrusted Pointer Dereference), where the UPnP service improperly validates pointer references before dereferencing them. An authenticated attacker with low-level privileges can supply malicious pointer values that cause the service to dereference attacker-controlled memory locations. Since the UPnP Device Host service typically runs with elevated SYSTEM privileges, successful exploitation allows arbitrary code execution in the security context of the service, bypassing Windows privilege boundaries. The vulnerability affects the UPnP service implementation across all modern Windows platforms from legacy Server 2012 through current Windows 11 26H1 and Server 2025, indicating the flaw exists in shared codebase spanning over a decade of Windows releases.

RemediationAI

Apply Microsoft's May 2025 security updates immediately via Windows Update or WSUS. Patched versions include Windows 10 Version 1607/Server 2016 build 10.0.14393.9060 or later, Windows 10 Version 1809/Server 2019 build 10.0.17763.8644 or later, Windows 10 Version 21H2 build 10.0.19044.7184 or later, Windows 10 Version 22H2 build 10.0.19045.7184 or later, Windows 11 Version 22H3/23H2 build 10.0.22631.6936 or later, Windows 11 Version 24H2/Server 2025 build 10.0.26100.32690 or later, Windows 11 Version 25H2 build 10.0.26200.8246 or later, Windows 11 Version 26H1 build 10.0.28000.1836 or later, Windows Server 2012 build 6.2.9200.26026 or

Share

EUVD-2026-22466 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy