Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
AnalysisAI
Improper link resolution in Windows UPnP (upnp.dll) allows authenticated local attackers to disclose sensitive information through symlink following. The vulnerability affects Windows 10 versions 1607-22H2, Windows 11 versions 22H3-26H1, and Windows Server 2012-2025. With local access and standard user privileges, an attacker can read files outside their normal access scope via crafted UPnP operations. Patch available from Microsoft; no public exploit code or active exploitation confirmed at tim
Technical ContextAI
Universal Plug and Play (UPnP) is a Windows service that enables device discovery and communication over local networks. The upnp.dll library handles UPnP protocol operations, including file access operations for configuration and device metadata. This vulnerability is a classic symlink-following flaw (CWE-59) where the library fails to validate that a file path does not resolve through symbolic links or junction points before accessing it. An authenticated user with local access can create symbolic links pointing to protected system files or sensitive user data, then trigger UPnP operations that follow these links without proper checks. The affected CPE strings span multiple Windows editions: Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), Windows Server 2012 through 2025 (including R2 and Server Core variants).
RemediationAI
Vendor-released patch available from Microsoft. Users should apply the latest security update for their Windows version via Windows Update, Systems Update for Business, or the Microsoft Update Catalog (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32212). For Windows 10 Version 1607, update to 10.0.14393.9060 or later; Windows 10 Version 1809, to 10.0.17763.8644 or later; Windows 10 Version 21H2, to 10.0.19044.7184 or later; Windows 10 Version 22H2, to 10.0.19045.7184 or later; Windows 11 Version 22H3, to 10.0.22631.6936 or later; Windows 11 Version 23H2, to 10.0.22631.6936 or later; Windows 11 Version 24H2, to 10.0.26100.32690 or later; Windows 11 Version 25H2, to 10.0.26200.8246 or later; Windows 11 Version 26H1, to 10.0.28000.1836 or later; Windows Server 2012, to 6.2.9200.26026 or later; Windows Server 2012 R2, to 6.3.9600
Same weakness CWE-59 – Improper Link Resolution Before File Access
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22593
GHSA-w3xc-48m6-6x2m