You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2026-27916
About this tag
CVE-2026-27916 is a Windows UPnP Device Host vulnerability addressed in Microsoft's April 14, 2026 Patch Tuesday. It is a use-after-free memory safety bug that Microsoft rates as an elevation-of-privilege (EoP) issue. With a CVSS score of 7.8 and an Important severity rating, this flaw could allow an attacker with low privileges to gain system-level control. As of the update, there is no evidence of public exploitation, making it a priority for defenders focused on reducing local attack surface. Discussions on WindowsForum cover the technical details, patch deployment strategies, and mitigation steps for this CVE.
Microsoft’s April 14, 2026 Patch Tuesday brought a new local privilege escalation flaw into focus: CVE-2026-27916, a Windows UPnP Device Host vulnerability that Microsoft rates as an elevation-of-privilege issue. The public description points to a use-after-free condition, a classic...