CVE-2026-32156

HIGH

Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally.

CVSS v3.1 Score

7.4
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Complexity
HIGH
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 4/14/2026Modified: 4/23/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32156Vendor Advisory