CVE-2026-27919

CWE-8223 documents3 sources

Severity

7.8HIGH

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 14

Description

Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.26026

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.9060

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.8644

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.5020

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.32690

CVEList

Windows UPnP Device Host Elevation of Privilege Vulnerability↗2026-04-14

▶