Skip to main content

Microsoft EUVDEUVD-2026-22503

| CVE-2026-32075 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft
7.0
CVSS 3.1 · NVD
Temporal: 6.1
Share

Severity by source

NVD PRIMARY
7.0 HIGH
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.1 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:18 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22503
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.0

DescriptionCVE.org

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

AnalysisAI

Local privilege escalation in Windows Universal Plug and Play (UPnP) Device Host allows authenticated attackers with low privileges to achieve system-level access through use-after-free memory corruption. Affects all supported Windows 10, Windows 11, and Windows Server versions from 2012 through 2025. Microsoft has released patches across all affected product lines. No public exploit identified at time of analysis, though the local attack vector and authentication requirement (PR:L) limit immedi

Technical ContextAI

The vulnerability resides in the Windows Universal Plug and Play Device Host service, a system component that enables network device discovery and interaction through the UPnP protocol framework. The flaw is classified as CWE-416 (Use After Free), a memory corruption class where code continues to reference memory after it has been freed, allowing attackers to manipulate freed memory regions to redirect program execution. UPnP Device Host typically runs with elevated privileges to manage network device enumeration, making it an attractive target for privilege escalation attacks. The vulnerability spans the entire Windows ecosystem from legacy Server 2012 (kernel 6.2) through modern Windows 11 26H1 and Server 2025 (kernel 10.0.28000), indicating the vulnerable code path has persisted across multiple Windows generations despite substantial kernel refactoring.

RemediationAI

Apply Microsoft security updates to upgrade affected systems to patched build versions. For Windows 10 1607 and Server 2016, upgrade to build 10.0.14393.9060 or later. For Windows 10 1809 and Server 2019, upgrade to build 10.0.17763.8644 or later. For Windows 10 21H2, upgrade to build 10.0.19044.7184 or later. For Windows 10 22H2, upgrade to build 10.0.19045.7184 or later. For Windows 11 22H3 and 23H2, upgrade to build 10.0.22631.6936 or later. For Windows 11 24H2 and Server 2025, upgrade to build 10.0.26100.32690 or later. For Windows 11 25H2, upgrade to build 10.0.26200.8246 or later. For Windows 11 26H1, upgrade to build 10.0.28000.1836 or later. For Server 2012, upgrade to build 6.2.9200.26026 or later. For Server 2012 R2, upgrade to build 6.3.9600.23132 or later. For Server 2022 23H2 Edition, upgrade to build 10.0.25398.2274 or later. Patches are distributed through Windows Update and WSUS channels. Consult the Microsoft Security Response Center advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32075 for detailed deployment guidance and known issues.

Share

EUVD-2026-22503 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy