CVE-2026-27925

MEDIUM

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.

CVSS v3.1 Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

ADJACENT_NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Published: 4/14/2026Modified: 4/22/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27925Vendor Advisory