Skip to main content

Microsoft EUVDEUVD-2026-22544

| CVE-2026-32156 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft GHSA-gx83-r546-6cg7
7.4
CVSS 3.1 · NVD
Temporal: 6.4
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CIRCL (temporal)
6.4 MEDIUM
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:19 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22544
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 7.4

DescriptionCVE.org

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

AnalysisAI

Local code execution in Windows Universal Plug and Play (UPnP) Device Host across all supported Windows 10, 11, and Server versions allows unauthenticated attackers to achieve high-impact compromise via use-after-free memory corruption. The vulnerability affects Windows 10 versions 1607 through 22H2, Windows 11 versions 22H3 through 26H1, and Windows Server 2012 through 2025 (including Server Core installations). Despite requiring local access and high attack complexity (CVSS:3.1/AV:L/AC:H), the

Technical ContextAI

The Windows Universal Plug and Play (UPnP) Device Host service (upnphost) facilitates network device discovery and control on local networks. This vulnerability stems from a use-after-free condition (CWE-416), a memory safety defect where the service continues to reference memory after it has been deallocated. In Windows kernel and system service contexts, use-after-free vulnerabilities occur when object lifetime management fails between concurrent operations, allowing an attacker to reclaim freed memory with controlled data structures. The UPnP Device Host runs with elevated system privileges to manage network device enumeration and SSDP protocol handling. Successful exploitation requires precise timing to win the race condition (reflected in AC:H) and the ability to place malicious objects in freed memory regions, but grants full control over the compromised system. The vulnerability spans the entire modern Windows ecosystem from legacy Server 2012 (kernel 6.2) through current Windows 11 26H1 and Server 2025 (kernel 10.0.28000), indicating a long-standing architectural issue in the UPnP implementation rather than a recent regression.

RemediationAI

Apply the vendor-released security updates from Microsoft's May 2026 Patch Tuesday (or subsequent release) to upgrade affected systems to patched build versions. For Windows 10 1607, upgrade to build 10.0.14393.9060 or later; for Windows 10 1809, upgrade to 10.0.17763.8644 or later; for Windows 10 21H2, upgrade to 10.0.19044.7184 or later; for Windows 10 22H2, upgrade to 10.0.19045.7184 or later; for Windows 11 22H3/23H2, upgrade to 10.0.22631.6936 or later; for Windows 11 24H2, upgrade to 10.0.26100.32690 or later; for Windows 11 25H2, upgrade to 10.0.26200.8246 or later; for Windows 11 26H1, upgrade to 10.0.28000.1836 or later; for Windows Server 2012, upgrade to 6.2.9200.26026 or later; for Server 2012 R2, upgrade to 6.3.9600.23132 or later; for Server 2016, upgrade to 10.0.14393.9060 or later; for Server 2019, upgrade to 10.0.17763.8644 or later; for Server 2022, upgrade to 10.0.20348.5020 or later; for Server 2022 23H2, upgrade

Share

EUVD-2026-22544 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy