CVE-2026-32212

CWE-59CWE-269Improper Privilege Management3 documents3 sources
Severity
5.5MEDIUM
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
20
Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809Microsoft Windows 10 Version 21h2+17 more
Timeline
PublishedApr 14

Description

Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages20 packages

CVEListV5microsoft/windows_server_20126.2.9200.06.2.9200.26026
CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.9060
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.8644
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.5020
CVEListV5microsoft/windows_server_202510.0.26100.010.0.26100.32690

🔴Vulnerability Details

2
VulDB
Microsoft Windows up to Server 2025 link following2026-04-14
CVEList
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability2026-04-14
CVE-2026-32212 (MEDIUM CVSS 5.5) | Improper link resolution before fil | cvebase.io