CVE-2026-32214

Severity

5.5MEDIUM

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 14

Description

Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.26026

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.9060

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.8644

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.5020

▶CVEListV5microsoft/windows_server_202510.0.26100.0 — 10.0.26100.32690

CVEList

Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability↗2026-04-14

▶

VulDB

Microsoft Windows up to Server 2025 upnp.dll access control↗2026-04-14

▶