Microsoft UPnP Device Host Remote Code Execution Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Universal Plug and Play (UPnP) component of Windows, specifically within the 'upnp.dll' file. This vulnerability allows an unauthorized attacker to execute code remotely over the network. The issue arises from improper memory management, where the UPnP service incorrectly frees memory, potentially leading to arbitrary code execution in the context of the affected process.

Impact

Exploitation of this vulnerability could result in remote code execution on the affected system.

Remediation

Users can apply the official security update provided by Microsoft to address this vulnerability. For guidance on downloading and installing the update, refer to the Microsoft Security Update Guide.

Added: Jun 9, 2026, 6:27 PM
Updated: Jun 9, 2026, 6:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 6.8
remediation: 0.0
relevance: 9.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.