You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
upnp vulnerability
About this tag
The upnp vulnerability tag covers security flaws in the Windows Universal Plug and Play (UPnP) Device Host service. Recent discussions focus on CVE-2025-48819, a privilege escalation vulnerability that allows an authorized attacker to elevate privileges over an adjacent network by exploiting improperly locked memory. Another highlighted issue is CVE-2025-21300, a denial-of-service vulnerability in the upnphost.dll module. Both vulnerabilities affect Windows systems and are relevant for users running network-heavy environments. Topics include the UPnP protocol, memory handling flaws, and Microsoft Security Response Center advisories.
Microsoft’s July 14, 2026 security updates fix CVE-2026-50455, an Important-rated information disclosure vulnerability in Windows Universal Plug and Play library upnp.dll. The flaw requires an attacker to have local access and low-level privileges, but successful exploitation could expose...
CVE-2026-49180 affects the Windows Universal Plug and Play library, upnp.dll, and can allow a locally authenticated attacker to expose or improperly affect protected information through unsafe link handling. Microsoft disclosed the flaw on July 14, 2026, alongside its monthly security updates...
The Windows Universal Plug and Play (UPnP) Device Host has been identified with a critical vulnerability, designated as CVE-2025-48819. This flaw allows an authorized attacker to elevate their privileges over an adjacent network by exploiting sensitive data stored in improperly locked memory...
If you've ever wondered how seemingly small elements in your Windows operating system can cause widespread disruptions, CVE-2025-21300 is here to bring that notion to life. This newly disclosed vulnerability involves the upnphost.dll module on Windows and has been identified as a Denial of...