CVE-2026-27915
Published: 14 April 2026
Summary
CVE-2026-27915 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 15.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
Requires timely identification, reporting, and remediation of flaws like the use-after-free in UPnP Device Host via security patches.
Implements memory protections such as ASLR, DEP, and stack canaries to prevent exploitation of the use-after-free vulnerability leading to privilege escalation.
Restricts nonessential system functionality, such as disabling the UPnP Device Host when not required, to eliminate the vulnerable attack surface.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Local use-after-free in UPnP Device Host directly enables exploitation for privilege escalation from low-privileged context to full system control.
NVD Description
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
Deeper analysis [AI]
CVE-2026-27915 is a use-after-free vulnerability (CWE-416) in the Windows Universal Plug and Play (UPnP) Device Host. This flaw affects Windows systems where the UPnP Device Host component is enabled, allowing memory corruption due to improper handling of freed resources. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with local attack vector, low attack complexity, and low privileges required.
An authorized local attacker with low privileges can exploit this vulnerability by triggering the use-after-free condition in the UPnP Device Host. Successful exploitation enables privilege escalation, potentially granting the attacker high-level access to the system, including full control over confidentiality, integrity, and availability of affected resources.
Microsoft's Security Response Center (MSRC) provides an update guide for this vulnerability at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27915, detailing recommended patches and mitigation steps. Security practitioners should review the advisory for specific deployment instructions and apply updates promptly to affected Windows environments.
Details
- CWE(s)