Microsoft Windows UPnP Remote Code Execution Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Universal Plug and Play (UPnP) component of Windows, specifically within the upnp.dll file. This vulnerability allows an unauthorized attacker to execute code remotely over a network. It affects multiple Windows versions, including various server and client editions. The vulnerability arises from improper handling of memory, which could be exploited by sending specially crafted data that causes the UPnP service to free memory incorrectly, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Remediation

Users can apply the security update provided by Microsoft to address this vulnerability. This security update is included in the Monthly Rollup for various Windows versions. Instructions for downloading the security update can be found in the Microsoft Update Catalog.

Added: Jun 9, 2026, 6:05 PM
Updated: Jun 9, 2026, 6:05 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 7.5
exploitability: 4.8
remediation: 7.7
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.