Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.
AnalysisAI
Improper access control in Universal Plug and Play (upnp.dll) on Windows allows authenticated local attackers to disclose sensitive information without user interaction. The vulnerability affects Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 22H3, 23H2, 24H2, 25H2, 26H1), and Windows Server 2012-2025. Microsoft has released patches available through their security update guide; no public exploit code or active exploitation has been reported at time of analysis.
Technical ContextAI
Universal Plug and Play (UPnP) is a network protocol implemented via upnp.dll on Windows systems that enables automatic device discovery and configuration. The vulnerability stems from improper access control in this library, categorized under CWE-284 (Improper Access Control), which occurs when the application does not properly enforce restrictions on who can access specific resources or functionality. The flaw allows a local authenticated user with low privileges (PR:L per CVSS vector) to bypass intended access restrictions and read sensitive information that should be restricted to higher privilege levels or specific users. This is a common pattern in privilege escalation or information disclosure attacks targeting system libraries where permission checks are insufficiently enforced at the API or resource level.
RemediationAI
Vendor-released patch: Microsoft has released security updates addressing this vulnerability across all affected Windows versions. Administrators should apply the latest cumulative updates or monthly security updates from the Microsoft Security Response Center (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32214) corresponding to each affected Windows version. For Windows 10, ensure installation of updates that bring build numbers to or above: 1607 (14393.9060), 1809 (17763.8644), 21H2 (19044.7184), and 22H2 (19045.7184). For Windows 11, apply updates to reach: 22H3 (22631.6936), 23H2 (22631.6936), 24H2 (26100.32690), 25H2 (26200.8246), and 26H1 (28000.1836). For Windows Server versions, update to: 2012/R2 (9600.23132), 2016 (14393.9060), 2019 (17763.8644), 2022 (20348.5020 or 23H2 25398.2274), and 2025 (26100.32690). As an interim mitigation prior to patching, restrict local user account privileges and audit UPnP service access controls where feasible. Enable Windows Update to ensure automatic patching of future security issues.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22595
GHSA-g4ph-p8r8-x8fc