Windows Universal Plug and Play (UPnP) Device Host
by Microsoft
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32077 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-27916 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-27484 | Hig | 0.49 | 7.5 | 0.01 | Apr 8, 2025 | Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-21389 | Hig | 0.49 | 7.5 | 0.02 | Jan 14, 2025 | Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network. | ||
| CVE-2025-21300 | Hig | 0.49 | 7.5 | 0.02 | Jan 14, 2025 | Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability | ||
| CVE-2026-32075 | Hig | 0.46 | 7.0 | 0.00 | Apr 14, 2026 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-48821 | Hig | 0.46 | 7.1 | 0.00 | Jul 8, 2025 | Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. | ||
| CVE-2025-48819 | Hig | 0.46 | 7.1 | 0.00 | Jul 8, 2025 | Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. |
- risk 0.51cvss 7.8epss 0.00
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- risk 0.49cvss 7.5epss 0.01
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over a network.
- risk 0.49cvss 7.5epss 0.02
Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network.
- risk 0.49cvss 7.5epss 0.02
Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability
- risk 0.46cvss 7.0epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
- risk 0.46cvss 7.1epss 0.00
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.
- risk 0.46cvss 7.1epss 0.00
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network.